This script imports all supported SSL certificates, keys and CRLs that exist as unmanaged objects on this BIG-IQ and can be found on the target BIG-IP.

Steps performed by the script:

  • Gather certificate and key metadata (including cache-path) from BIG-IPs
  • Download certificate and key file data from BIG-IPs
  • Upload certificate and key file data to BIG-IQ

Prerequisites:
Discover and import LTM services before using this script.
The target BIG-IP will be accessed over ssh using the BIG-IP root account.

Installation:
The script must be installed in BIG-IQ under /shared/scripts:
# mkdir /shared/scripts
# chmod +x /shared/scripts/import-bigip-cert-key-crl.py

Command example:
# ./import-bigip-cert-key-crl.py <big-ip IP address>

Enter the root user's password if prompted.

Allowed command line options:
    -h                     show this help message and exit
    -l LOG_FILE            log to the given file name
    --log-level {debug,info,warning,error,critical}
                           set logging to the given level (default: info)
    -p PORT                BIG-IP ssh port (default: 22)

Result:
Configuration > Certificate Management > Certificates & Keys

[Screenshots: before and after running the script]

Location of the scripts on GitHub: https://github.com/f5devcentral/f5-big-iq-pm-team