Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 

Upload SSL certificate/key via REST API

Josh_Becigneul_
Nimbostratus
Nimbostratus

Hello All,

Looking to see if anyone knows of a method of uploading certs and keys to a BIGIP unit, using a method similar to the following example, but using REST instead of the SOAP API.

Example:

  puts bigip["Management.KeyCertificate"].certificate_import_from_pem('MANAGEMENT_MODE_DEFAULT', [ cert['cert_name'] ], [ File.open(cert['cert_file']).read ], true)
  puts bigip["Management.KeyCertificate"].key_import_from_pem('MANAGEMENT_MODE_DEFAULT', [ cert['cert_name'] ], [ File.open(cert['key_file']).read ], true)

Thanks!

9 REPLIES 9

I believe this was answered here:

 

https://devcentral.f5.com/questions/upload-ssl-keys-certs-via-icontrol-rest-api

 

Aha! Well, I did know about that method, but I was hoping to avoid the multiple steps needed to handle it.

 

Faintly_Lucky
Nimbostratus
Nimbostratus

Well, that's why there are multiple interfaces and APIs. 🙂

 

I use both SOAP and REST in my scripts, sometimes even within the same sub-routine depending on what I find works best or is the most efficient. If you're dead set on using the REST API, then try using the equivalent of the Net::SCP::Expect module in Perl for whatever language (Python?) you're writing in to upload the files before running your post.

 

JRahm
Community Manager
Community Manager

Hi Jason, can we upload a file to a specific folder? instead of the default location?

Hi Jason,

 

Do you still have this python script?

you'll want something a little more foolhardy. That logic has been rolled into either the f5-common-python library (no longer maintained) or the newer bigrest library, which is actively being developed (but not by F5). Even so, I recommend the latter.

Original Script

To do it with bigrest (untested but should be close):

from bigrest.bigip import BIGIP
from pathlib import Path
import sys
 
 
def instantiate_bigip(host, user, password):
    try:
        obj = BIGIP(host, user, password)
    except Exception as e:
        print(f"Failed to connect to {host} due to {type(e).__name__}:\n")
        print(f"{e}")
        sys.exit()
    return obj
 
 
def upload_file(obj, filename):
    if Path(filename).suffix == ".iso":
        endpoint = "/mgmt/cm/autodeploy/software-image-uploads"
    else:
        endpoint = "/mgmt/shared/file-transfer-uploads"
    try:
        obj.upload(endpoint, filename)
    except Exception as e:
        print(f"Failed to upload {Path(filename).name} due to {type(e).__name__}:\n")
        print(f"{e}")
        sys.exit()
        
 
if __name__ == "__main__":
    host = '1.1.1.1'
    user = 'admin'
    password = 'admin'
    f = '/path/to/your/file/file.xyz'
    b = instantiate_bigip(host, user, password)
    upload_file(f)

 You can add argparse to take arguments instead of hardcoding the file and bigip details, or set them as environment variables and include them that way. Obviously not secure to keep credentials this way.

no3am_307596
Nimbostratus
Nimbostratus

I'm looking to do the same in python, but using the SDK? any reference for that?