Replacing vserver certificates (say for SSL offload) via CLI?
I'm looking for an alternative to using the GUI for replacing a vserver's certificate. Sure, if it's just one vserver it's not much work at all to swap certs via the GUI; however, I have at least two instances where I have to replace the cert on eight vservers (multiple front-end ports configured), which is tedious. Another method would be to just change the cert/key/intermediate on the cert profile in use. Surely there's a more efficient way of doing this via the CLI... Thanks!
Solved | 594 Views | 0 likes | 2 Comments

How to install a cert and a key through Python SDK
I am trying to install a cert and a key through Python SDK. BIG-IP Version: 12.1.2. First, I had no problem with uploading certs and keys to F5's /var/config/rest/downloads/ folder. Now when I tried the following Python code to install the cert and key, I didn't see any error.
    key = bitip.tm.sys.file.ssl_keys.ssl_key.create(name='test', partition='Common', sourcePath='file:/var/config/rest/downloads/test.key')
    cert = bitip.tm.sys.file.ssl_certs.ssl_cert.create(name='test', partition='Common', sourcePath='file:/var/config/rest/downloads/test.crt')
However, when I logged on to the BIG-IP device and clicked a cert or key to see their actual content, I couldn't see any content: "No certificate" under the certificate tab and an error message of "An error has occurred while trying to process your request." under the Key tab. Does anyone know what is causing this problem? Or is there any way I can troubleshoot this issue? Thank you.
1K Views | 1 like | 4 Comments

PSD2 client cert check and passthrough Subject DN
I have been asked to implement a client cert check with external CAs and, if the check passes, then pass through the client cert Subject DN to the backend application for checking and action by the application. I am an F5 newbie, but from my reading I don't want to have to create a certificate bundle on the device as it will need to be updated as the CAs change. Any help about how this can be done quickly would be appreciated. I have a pentest scheduled and I want to do a cert check fail and pass. Thanks, Richard
260 Views | 0 likes | 1 Comment

How to edit certificate ca bundle via iControl REST API
Hi, I have SSL certificates that have CA bundles. These CA bundles include multiple certificates. The use case is that some of those certificates expire and need to be deleted at some point in time. Previously I was using the iControl SOAP method to do that: https://clouddocs.f5.com/api/icontrol-soap/Management__KeyCertificate__certificate_delete_from_bundle.html Unfortunately, this is no longer supported in the new version of BIG-IP. This is why we need to move to iControl REST in order to accomplish the same goal. However, I was not able to find how to perform the same operation using iControl REST. What I was looking at was the following iControl REST API: https://clouddocs.f5.com/api/icontrol-rest/APIRef_tm_sys_file_ssl-cert.html In this API there is a subcollection "bundle-certificates". However, as far as I can see in the documentation, this subcollection is read-only. It cannot be modified using iControl REST. Does anyone have an idea how to remove a certificate from the CA bundle of a given certificate using the iControl REST API? Regards, Rashid
744 Views | 0 likes | 2 Comments

iPad cert based auth not working
Has anyone here recently experienced an issue with cert based auth with iPads? I have configured LTM v13.1.1 with CBA via the client SSL profile; it's working fine with iPhones, Edge & Chrome browsers with Win10 clients etc., only iPads have an issue. The issue appears to be related to iPads running v12.x onwards. Certs are being deployed via MDM; an iPad with v11.x was working OK until upgraded to v12.4.1. Also tested on beta iOS v13 today with the same outcome. Clicking on a link with auth using an x509 cert results in a "page cannot be displayed" SSL error. No client cert auth prompt is displayed. Anyone else?
286 Views | 0 likes | 1 Comment