Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Clear all filters
Answers

edit ClientSSL profile using Python SDK

Hi,

is there a way to edit a ClientSSL profile using the Python SDK? For example, changing the assigned certificates and keys?

regards Daniel

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

I encountered a small issue and haven't worked out the proper (per SDK) way to handle it yet.

The config has both the cert-key-chain field that holds the cert, key, and chain-cert as one item. But the config also has what I believe are the 'legacy' cert, key, and chain fields. In the SDK these are represented by attributes certKeyChain, cert, key, and chain, respectively.

I have not been able to update a profile by only updating the certKeyChain. I've tried various ways of 'blanking' out the other fields, or even deleting the attributes entirely before performing an update. All result in error. The only success I've had is to update both certKeyChain and the cert, key, and chain fields with the same value. I assume there's a cleaner way to do this.

Note: Output heavily trimmed for brevity:

>>> pprint(my_profile.raw)
{'_meta_data': {'allowed_commands': [],
[...]
 u'cert': u'/Common/second-test-key.crt',
 u'certExtensionIncludes': [u'basic-constraints', u'subject-alternative-name'],
 u'certKeyChain': [{u'appService': u'none',
                    u'cert': u'/Common/second-test-key.crt',
                    u'certReference': {u'link': u'https://localhost/mgmt/tm/sys/file/ssl-cert/~Common~second-test-key.crt?ver=13.0.0'},
                    u'chain': u'none',
                    u'key': u'/Common/second-test-key.key',
                    u'keyReference': {u'link': u'https://localhost/mgmt/tm/sys/file/ssl-key/~Common~second-test-key.key?ver=13.0.0'},
                    u'name': u'second-test-key'}],
 u'chain': u'none',
 u'key': u'/Common/second-test-key.key',
 u'name': u'my_profile',

>>> new_certificate = '/Common/first_test_key.crt'
>>> new_key = '/Common/first_test_key.key'
>>> new_certKeyChain = {'name': 'first_test_key',
...                     'cert': new_certificate,
...                     'key': new_key,
...                     }
>>> my_profile.certKeyChain.pop()
>>> my_profile.certKeyChain.append(new_certKeyChain)
>>> my_profile.cert = new_certificate
>>> my_profile.key = new_key
>>> my_profile.update()
>>> pprint(my_profile.raw)
{'_meta_data': {'allowed_commands': [],
 u'cert': u'/Common/first_test_key.crt',
 u'certExtensionIncludes': [u'basic-constraints', u'subject-alternative-name'],
 u'certKeyChain': [{u'appService': u'none',
                    u'cert': u'/Common/first_test_key.crt',
                    u'certReference': {u'link': u'https://localhost/mgmt/tm/sys/file/ssl-cert/~Common~first_test_key.crt?ver=13.0.0'},
                    u'chain': u'none',
                    u'key': u'/Common/first_test_key.key',
                    u'keyReference': {u'link': u'https://localhost/mgmt/tm/sys/file/ssl-key/~Common~first_test_key.key?ver=13.0.0'},
                    u'name': u'first_test_key'}],
 u'chain': u'none',
 u'key': u'/Common/first_test_key.key',
 u'name': u'my_profile',
0