Fallout1984
Oct 19, 2021
Solved

Replacing vserver certificates (say for SSL offload) via CLI?

I'm looking for an alternative to using the GUI for replacing a vserver's certificate. Sure if it's just one vserver it's not much work at all to swap certs via the GUI, however I have at least two i...
  • Mayur_Sutare
    Oct 25, 2021

    Yes, there is a way to update the certificates in the SSL profiles via the CLI. But you need to have the new certificate uploaded on the F5. If the certificate is already uploaded on the F5, you can use the command below to update the new certificate under the selected client and/or server SSL profile. Once you have the proper certificate, key & profile name selected, you can update multiple certificates & keys under SSL profiles with the commands below in one go.

    tmsh modify ltm profile <SSL-Profile-Type> <SSL-Profile-Name> cert <SSL-Certificate-Name> key <SSL-Key-Name>

    If you are looking to import the certificate first (not using the WebUI), then you can use SCP transfer. Once the certificate & key files are transferred, you first need to install those files using the commands given below. Once they are installed, you can use the above command to update the certificate & key files under the SSL profiles.

    tmsh install sys crypto cert <SSL-certificate-name> from-local-file <path-to-certificate-file>
    tmsh install sys crypto key <SSL-key-name> from-local-file <path-to-key-file>

    Ref. article for more details -

    https://support.f5.com/csp/article/K14031

    NOTE: After installing the certificates and/or keys, you must verify that the cert & key are properly installed before applying them under profiles.

    This way you can manage these configurations via the CLI.

    Hope it helps!
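
An added example, not part of the original answer: a bash wrapper that runs the install and modify commands from the answer above across several SSL profiles, but only after checking with `openssl` that the certificate matches the private key and has not expired. The function names, the `TMSH` dry-run variable and all object names are assumptions; it also assumes `client-ssl` or `server-ssl` as the profile type and that the installed object name can be referenced as-is in the profile.

```bash
#!/bin/bash
# Added example (not from the original post). Names and paths are placeholders.
# Set TMSH="echo tmsh" for a dry run that only prints the commands.

# Succeeds only if the certificate's public key equals the private key's.
cert_matches_key() {
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    # -passin pass: makes an encrypted key fail instead of prompting.
    key_pub=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if the certificate has not yet expired.
cert_not_expired() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# rotate_cert <object-name> <cert-file> <key-file> <profile-type> <profile>...
rotate_cert() {
    [ "$#" -ge 5 ] || { echo "usage: rotate_cert name cert key type profile..." >&2; return 2; }
    local name=$1 cert=$2 key=$3 ptype=$4 tmsh_cmd=${TMSH:-tmsh} p
    shift 4
    # Refuse to touch the device if the pair is unusable.
    cert_matches_key "$cert" "$key" || { echo "cert/key mismatch" >&2; return 1; }
    cert_not_expired "$cert" || { echo "certificate expired" >&2; return 1; }
    # Install commands as given in the answer above.
    $tmsh_cmd install sys crypto cert "$name" from-local-file "$cert" || return 1
    $tmsh_cmd install sys crypto key "$name" from-local-file "$key" || return 1
    # Point every listed SSL profile at the new objects.
    for p in "$@"; do
        $tmsh_cmd modify ltm profile "$ptype" "$p" cert "$name" key "$name" || return 1
    done
}

# Run only when called with arguments, so the file can also be sourced.
if [ "$#" -ge 5 ]; then rotate_cert "$@"; fi
```

Running it with `TMSH="echo tmsh"` first shows exactly which commands would be issued for each profile.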