Generate private key w/ CSR via iControl REST

Problem this snippet solves:

Generate a private key w/ CSR

How to use this snippet:

To create a private key with a CSR via iControl REST:

 

POST URL: https://10.1.1.165/mgmt/tm/sys/crypto/key

Use the data below as your payload.


For the name field, it must end in .key or you will get a false 404!

Code :

{  
"name":"www.testing.com.key",  
"commonName":"www.testing.com",  
"keySize":"4096",  
"keyType":"rsa-private",  
"options":[{"gen-csr":"www.testing.com"}],  
"organization":"Let It Snow Corp.",  
"ou":"Ice Engineering",  
"city":"Calhoun",  
"state":"AZ",  
"admin-email-address":"jerry@letit.snow",  
"email-address":"beth@letit.snow",  
"subject-alternative-name":"DNS:www.testing.com",  
"challenge-password":"myP4ssword"  
}

Tested this on version:

13.0
Published Aug 13, 2019
Version 1.0

Was this article helpful?

9 Comments

  • Hi Gregory,

    Thanks for the post! is there a GET or any other API to pull the newly created/generated CSR?

    Regards,

  • Tushar,

     

    Take a look at this: https://devcentral.f5.com/s/question/0D51T00006i7del/export-a-fips-based-csr-certificate-signing-request-via-icontrol

     

    Let me know if that doesn't help.

  • The same can be done with python SDK:

    mgmt.tm.sys.crypto.keys.key.create(name='www.testing.com.key', options=[{"gen-csr":"www.testing.com"}], commonName='www.testing.com', country='BE', city='Brussels', organization='AEL Lab', ou='IT', subjectAlternativeName='DNS:www.testing.com, DNS:testing.com')

    But couldn't find a way to retrieve the CSR file or text directly with SDK? I guess we have to go via mgmt.tm.util.bash.exec_cmd

  • This helped me a lot!

     

    Gregory do you know from here how I could retrieve the CSR and key text directly using the iControl RestAPI?

  • How can I specify a partition? When added to JSON it seems to be ignored

  •  add the following key pair in the above payload, it works for me

    "partition":"PART1",

     

    note: replace PART1 with your partition you want to generate the key on.

  •  Here is the pay payload and URI for the CSR generations

    https://{{bigip}}/mgmt/tm/sys/crypto/csr

    Please note, you need to have key generated before prior to create the CSR.

    {  
    	"name": "www.example.com",  
    	"commonName": "www.example.com",
        "partition":"TENANT_2",  
    	"key": "www.example.com.key",  
    	"organization": "Cutomer4",  
    	"ou": "Engineering",  
    	"city": "London",  
    	"state_or_province_name": "England",
        "country": "UK",
    	"email-address": "customer4@example2.com"
    }