cancel
Showing results for 
Search instead for 
Did you mean: 

Patching additional TLS certificate to the existing virtual server

Aravind
Nimbostratus
Nimbostratus

Hi,

I am New to AS3.

tried following json file to patch the new TLS certificate to the existing virtual server however its not working. can you let me know what is the correct procedure ?

{   "class": "AS3",   "action": "patch",   "patchBody": [     {       "op": "add",       "path": "/tenanat/Application/private-vip/front-cert",       "value": {                    "class": "TLS_Server",           "certificates": [           {           "certificate": "frontend-cert"           }           ],           "ciphers": "DEFAULT",                     "frontend-cert": {           "class": "Certificate",           "certificate": "-----BEGIN CERTIFICATE-----fsdfsdfdshfd-----END CERTIFICATE-----\n",           "privateKey": "-----BEGIN PRIVATE KEY-----edfddsfdsfds-----END PRIVATE KEY-----\n"           },           "private-vip": {             "layer4": "tcp",                         "class": "Service_HTTPS",                     "ServerTLS" : "front-cert",             "redirect80": false,             "shareAddresses": true,             "virtualAddresses": [               "192.168.1.x"             ]           }       }     }        ] }

 

1 REPLY 1

Aravind
Nimbostratus
Nimbostratus

after a little bit tweaking in the json file, i could see the new certificate and ssl profile is created in F5 however the association to the virtual server is not happening. following is the updated json file.

{ "class": "AS3", "action": "patch", "patchBody": [ { "op": "add", "path": "/tenant/Application/front-cert", "value": { "class": "TLS_Server", "certificates": [ { "certificate": "frontend-cert" } ], "ciphers": "DEFAULT" } }, { "op": "add", "path": "/tenant/Application/frontend-cert", "value": { "class": "Certificate", "certificate": "-----BEGIN CERTIFICATE-----ffddedddd---END CERTIFICATE-----\n", "privateKey": "-----BEGIN PRIVATE KEY-----ffdddeeessddd-----END PRIVATE KEY-----\n" }, "Application":{ "class": "Application", "private-vip-0.4": { "layer4": "tcp", "class": "Service_HTTPS", "serverTLS": "front-cert", "shareAddresses": true, "virtualAddresses": [ "192.168.1.x" ] } } } ] }

I guess, by default this parameter is enabled " default SSL profile for SNI" in TLS_Server profile. due to this, the new ssl profile is not associated. tried looking at the api document for this parameter but could not find the specific key.