How to Create a CSR in Powershell/iControl using an Existing Key
Hello, I am trying to automate CSR creation on the BigIP with iControl/Powershell. I can easily create new CSRs using new keys, but I can't figure out how to generate a CSR using an existing key. We need to do this so that we can update our SAN certs without invalidating the existing Certificate/key pair while we process the request with our provider. I use this to create a new key for a brand new CSR/Certificate request ... $CSRKey = New-Object -TypeName iControl.ManagementKeyCertificateKey_v2; $CSRKey.id = 'www.sitename.com'; $CSRKey.key_type = 'KTYPE_RSA_PUBLIC'; $CSRKey.bit_length = 2048; $CSRKey.security = 'STYPE_NORMAL'; ... but I can't find any functions in the iControl Reference Wiki to grab an existing key to use for the CSR. Can anyone point me in the right direction? Thanks!, Sean361Views0likes1CommentQuestion on CSR and SSL
Please someone help me clear below doubt. Below is the scenario i am demonstrating in LAB. 1) I have generated CSR on LTM and provided to CA (CA is my Windows server 2012) 2)With the help of open SSL on Windows server 2012 i generated public and private key pair and signed the CSR. "TESTVIP" is name of my newly signed certificate. I also extracted public key from CAserver. 3)I have imported "TESTVIP" certificate and private key in LB(got private key while generating CSR on LB). Question1) When i am associating this (TESTVIP and private key) to client SSL profile it is giving me an error "KEY and certificate do not match. Though i have done it correctly. Question2) Also i am trying to install CA public key in end user browser to trust the website, but it says "this file is invalid for use as following security certificate". How can i establish that green lock symbol in URL in such LAB scenario? Any help would be appreciated.1.4KViews1like8CommentsECDSA prime256v1 CSR file signing
Hello guys, I would be very pleasured for a small advice. We're changing a SSL certificate for our production server. Untill now we were using RSA as CSR generation alorithm. However Symantec now offers signing with ECC with RSA root so we would like to swtich to this variant. My question is: In this case, do I have to generate CSR with key type ECDSA and curve name prime256v1 to be able to send for signing with ECC with RSA root to Symantec? We use BIG-IP model 2200 , Version 11.5.1. Many thanks for your response. Ivan305Views0likes0Comments