19-Sep-2023 08:58
Has anyone found a way to import a PFX into the f5 using PowerShell? I am attempting to perform this using the method below but am unable to get the iControl PowerShell snap-in registered.
I see there is now PowerShell module available now instead of using the snap-in, but there are no cmdlets for importing certificates, especially pfx files. Any help is appreciated, as we are trying to automate our certifate renewals.
19-Sep-2023 16:28
ChatGPT is hallucinating an Import-ICRCertificate function in the powershell module that Joel created. I don't know powershell super well, but if you can convert curl to powershell rest commands, you should be able to make this work. Details in this thread will help.
19-Sep-2023 22:34
Hi @fullboat1010 ,
Please refer
https://community.f5.com/t5/technical-forum/how-do-you-import-pfx-file-using-icontrol-with-powershel...
Using 11.4.1, how do I import a pfx file using iControl/Powershell. In the UI, I navigate to System --> File Management --> SSL Certificate List. Click Import, change the "Import Type" drop down to PKCS 12 (IIS), enter a label for my cert in Certificate (ie: testCert), use "Choose File" to navigate to where I've stored the PFX and select the PFX. Enter the password needed by the PFX file (ie: testpassword) and click import.
I see under icontrol there is a ManagementKeyCertificate.pkcs12_import_from_file and ManagementKeyCertificate.pkcs12_import_from_file_v2
v2 is for 11.5 and above. It doesn't work on 11.4. So just ManagementKeyCertificate.pkcs12_import_from_file
I look up the overloads for this and it seems fairly straightforward: void pkcs12_import_from_file(iControl.ManagementKeyCertificateManagementModeType mode, string[] ids, string[] file_names, string[] passwords, bool overwrite)
which I translate to
$icontrol.ManagementKeyCertificate.pkcs12_import_from_file(0,@(,"testCert"),@(,"c:\temp\testCert.pfx"),@("testPassword"),$false)
which blows up with Invalid filename. Filenames may only contain the following characters: [A-Za-z][0-9].-_/"
so I try variations on the filename including setting my location to c:\temp and trying
$icontrol.ManagementKeyCertificate.pkcs12_import_from_file(0,@(,"testCert"),@(,"testCert.pfx"),@("testPassword"),$false)
which gets error:2006D080:BIO routines:BIO_new_file:no such file""
and
$icontrol.ManagementKeyCertificate.pkcs12_import_from_file(0,@(,"testCert"),@(,"/temp/testCert.pfx"),@("testPassword"),$false)
which results in: error:02001002:system library:fopen:No such file or directory""
sooo...... I guess the crux of my problem is: How do I specify where the pfx to import is located? I've seen a couple other questions with this same problem but they don't have answers... so here's my hat in the ring
25-Sep-2023 21:19
@F5_Design_Engineer - that is a very robust answer. Thanks for making the effort.
@fullboat1010 - if either (or both) of these replies resolved your issue it would be helpful to the community to click *Accept As Solution*.
Thanks for being part of our community.