replacing SSL certificates for existing virtuals through the CLI

Question

I've written a script that will copy a new .crt file to the F5 for a given virtual and "replace" the old one. What bigpipe command can I use to tell the virtual (www.mfreeman.com) to reload without affecting current sessions?  
&nbsp; I thought I could simply create a new temporary virtual like so, and then delete it:  
&nbsp; b virtual b0rk { profile clientssl www.mfreeman.com }  
&nbsp; b virtual b0rk delete  
&nbsp; but it doesn't appear to be working..  
&nbsp; I plan on making this stuff work w/ the iControl API so if anyone knows how to do it in there also that would be appreciated.  
&nbsp; thanks,  
&nbsp; Mike Freeman

hooleylist · Answer

Hi Mike,  
&nbsp; The quick and dirty method using the command line is to run a 'b load' to force a re-read of the SSL cert file into memory (SOL6066 - Click here).  You could also click on Save in the GUI on the client SSL profile(s) which reference the updated certificate.  I'm sure there is an iControl method for doing this as well, but I don't know it.  
&nbsp;  
&nbsp; Aaron

mfreeman451_606 · Answer

That's not really an option for us (b load) and since we're trying to completely automate this, going through the GUI isn't either. Anyone know if there is some other trick to do this?

hooleylist · Answer

iControl would be the way to go then.  You could try posting in the iControl forum (Click here) for more relevant eyes. 
&nbsp;  
&nbsp; Aaron

Forum Discussion

replacing SSL certificates for existing virtuals through the CLI

3 Replies

Recent Discussions

Citrix XenServer Big-IP Upgrade help

BIG-IP DNS iRule issue with static variable

F5 ASM logging profile to specify source IP

Portal Access to HTTPS resources slow

Cannot login to Avaya wanx using f5 apm network access

Related Content

Automating ACMEv2 Certificate Management on BIG-IP

Re: Management Certificate

Automate Let's Encrypt Certificates on BIG-IP

ADFS Proxy Replacement on F5 BIG-IP

My Security+ Certification Journey