Automate import of SSL Certificate, Key & CRL from BIG-IP to BIG-IQ
The functionality to automate the import of SSL cert & key from BIG-IP to BIG-IQ is available in the product starting BIG-IQ 7.0 and above. This script should not be used on BIG-IQ 7.0+ as it has not been tested on those versions. |
This script will import all supported SSL Certificate, Key & CRL that exist as unmanaged objects on this BIG-IQ which can be found on the target BIG-IP.
Steps performed by the script:
- Gather certificate and key metadata (including cache-path) from BIG-IPs
- Download certificate and key file data from BIG-IPs
- Upload certificate and key file data to BIG-IQ
Prerequisite: Discover and import LTM services before using this script.The target BIG-IP will be accessed over ssh using the BIG-IP root account.
Installation: The script must be installed in BIG-IQ under /shared/scripts:
# mkdir /shared/scripts# chmod +x /shared/scripts/import-bigip-cert-key-crl.py
Command example:
# ./import-bigip-cert-key-crl.py <big-ip IP address>
Enter the root user's password if prompted.
Allowed command line options: -h show this help message and exit -l LOG_FILE, log to the given file name --log-level {debug,info,warning,error,critical}, set logging to the given level (default: info) -p PORT BIG-IP ssh port (default: 22)
Result: Configuration > Certificate Management > Certificates & Keys
Before running the script:
After running the script:
Location of the scripts on GitHub: https://github.com/f5devcentral/f5-big-iq-pm-team
In case you BIG-IQ is running on Hardware:
Step 1: Install packages using pip, targeting a location of your choice
# mkdir py-modules# pip install --target py-modules requests argparse
Step 2: Run using python2.7, adding py-modules to the python path
# PYTHONPATH=py-modules python2.7 import-bigip-cert-key-crl.py <big-ip IP address>