
REST API to upload certificate to BIG-IP LTM from my local machine (local path) and not from BIG-IP LTM device

Hi,

I want to upload a certificate to the LTM from my local machine using the REST API.

Case 1: I am able to upload a certificate to the LTM when the .crt file is present on the LTM machine itself, using the REST call below.

https://mgmtIp/mgmt/tm/sys/crypto/cert

The body is as below, e.g.

{"command":"install","name":"alice","from-local-file":"/var/mycert/alice.crt"}

In the above call the path is from the LTM device. The certificate file is present on the LTM device.

Case 2: Is it possible to upload a certificate from my local machine to the LTM?

E.g. if I changed the above path /var/mycert/alice.crt to D:/mycert/... etc.

Please help if anyone has a solution to this.

Thanks,


Answers to this Question

USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

I was looking for a way to copy the certification to the LTM using REST, but I didn’t find anything. So, what I ended up doing was I wrote a python script that used paramiko and scp to copy the cert and install it. I was able to copy and install an intermediate cert to 170 LTMs running various versions of 11.5.x, 12.x and 13 in about 30 minutes. Script below, it’s not elegant but it worked.

Another thing I looked at was just using scp to copy the cert then using the following commands to install via the api.

curl -sk -u admin:admin -H "Content-Type: application/json" -X POST https://x.x.x.x/mgmt/tm/sys/crypto/cert -d '{"command":"install","name":"test","from-local-file":"/var/tmp/test.crt"}'

curl -sk -u admin:admin -H "Content-Type: application/json" -X POST https://x.x.x.x/mgmt/tm/sys/crypto/key -d '{"command":"install","name":"test","from-local-file":"/var/tmp/test.key"}'

#!/usr/bin/env python
import paramiko
from scp import SCPClient

username = "<username>"
password = "<password>"
command1 = "tmsh list sys crypto cert <certname.cer>"
command2 = "tmsh install sys crypto cert <certname> from-local-file /var/tmp/<certname.cer>"
f1 = open("lb_in.txt", "r")
f2 = open("fail.txt", "a")
f3 = open("copy_status.txt", "a")

# Creates list based on f1
devices = f1.readlines()
f1.close()


def dev_ssh(device):
    # Open an SSH session and report whether authentication succeeded
    device = device.rstrip()
    ssh = paramiko.SSHClient()
    # AutoAddPolicy accepts any host key the first time a device is seen
    ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    try:
        ssh.connect(device, username=username, password=password, timeout=15)
        status = "auth-success"
    except paramiko.AuthenticationException:
        status = "auth-failed"
    except Exception:
        status = "ssh-failed"
    return ssh, status


for device in devices:
    device = device.rstrip()
    ssh, status = dev_ssh(device)

    if "failed" not in status:
        # Skip devices that already list the certificate
        stdin, stdout, stderr = ssh.exec_command(command1)
        output = stdout.read()
        if b"<certname.cer>" not in output:
            scp = SCPClient(ssh.get_transport())
            scp.put("<certname.cer>", "/var/tmp/<certname.cer>")
            scp.close()
            stdin, stdout, stderr = ssh.exec_command(command2)
            # Wait for tmsh to finish before the session is closed
            stdout.channel.recv_exit_status()
            f3.writelines("{0} {1}\n".format(device, "copied successful"))
        else:
            print(
                "{0} {1}\n".format(
                    device, "<certname> already exists"
                )
            )
            f3.writelines(
                "{0} {1}\n".format(
                    device, "<certname> already exists"
                )
            )
    else:
        print(device, status)
        f2.writelines("{0} {1}\n".format(device, status))
    ssh.close()

f2.close()
f3.close()
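
The scp-then-REST install from the answer above, as an added Python example that is not part of the original post: it builds the same two POST bodies, refuses staged paths outside /var/tmp, and verifies the management certificate where `curl -k` skips that check. The name pattern, the `ca_file` parameter and all helper names are assumptions made for this example.

```python
import base64
import json
import posixpath
import re
import ssl
import urllib.request

# Endpoints and body keys are the ones quoted in the post.
CRYPTO_ENDPOINTS = {"cert": "/mgmt/tm/sys/crypto/cert", "key": "/mgmt/tm/sys/crypto/key"}
STAGING_DIR = "/var/tmp"  # where the post's scp step places the files
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")  # assumed policy, not an F5 rule


def staged_path(filename):
    """Return the absolute staging path, refusing traversal or nested paths."""
    path = posixpath.normpath(posixpath.join(STAGING_DIR, filename))
    if posixpath.dirname(path) != STAGING_DIR:
        raise ValueError("file must sit directly in " + STAGING_DIR)
    return path


def build_install_request(host, kind, name, filename, user, password):
    """Build the POST that installs a staged cert or key; nothing is sent here."""
    if kind not in CRYPTO_ENDPOINTS:
        raise ValueError("kind must be 'cert' or 'key'")
    if not NAME_RE.fullmatch(name):
        raise ValueError("unexpected object name: %r" % name)
    body = {"command": "install", "name": name, "from-local-file": staged_path(filename)}
    token = base64.b64encode(("%s:%s" % (user, password)).encode()).decode()
    return urllib.request.Request(
        "https://%s%s" % (host, CRYPTO_ENDPOINTS[kind]),
        data=json.dumps(body).encode(),
        method="POST",
        headers={"Content-Type": "application/json", "Authorization": "Basic " + token},
    )


def verified_context(ca_file=None):
    """TLS context that checks the management certificate (ca_file is hypothetical)."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def install(host, kind, name, filename, user, password, ca_file=None):
    """Send the request and return the HTTP status; raises on TLS or HTTP errors."""
    req = build_install_request(host, kind, name, filename, user, password)
    with urllib.request.urlopen(req, context=verified_context(ca_file), timeout=15) as resp:
        return resp.status
```

Pass `ca_file` the CA bundle that signed the device's management certificate, and read the password from a prompt or secret store rather than the script.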