Forum Discussion

Josh_Becigneul_'s avatar
Josh_Becigneul_
Icon for Nimbostratus rankNimbostratus
Oct 22, 2014

Upload SSL certificate/key via REST API

Hello All,

Looking to see if anyone knows of a method of uploading certs and keys to a BIGIP unit, using a method similar to the following example, but using REST instead of the SOAP API.

Example:

  puts bigip["Management.KeyCertificate"].certificate_import_from_pem('MANAGEMENT_MODE_DEFAULT', [ cert['cert_name'] ], [ File.open(cert['cert_file']).read ], true)
  puts bigip["Management.KeyCertificate"].key_import_from_pem('MANAGEMENT_MODE_DEFAULT', [ cert['cert_name'] ], [ File.open(cert['key_file']).read ], true)

Thanks!

application delivery
devops
iControl
LTM
management

10 Replies

Sort By
  • Andrew_Husking's avatar
    Andrew_Husking
    Icon for Cirrus rankCirrus
    Oct 22, 2014

    I believe this was answered here:

     

    https://devcentral.f5.com/questions/upload-ssl-keys-certs-via-icontrol-rest-api

     

  • JoshBecigneul's avatar
    JoshBecigneul
    Icon for MVP rankMVP
    Oct 23, 2014

    Aha! Well, I did know about that method, but I was hoping to avoid the multiple steps needed to handle it.

     

  • Faintly_Lucky's avatar
    Faintly_Lucky
    Icon for Nimbostratus rankNimbostratus
    Jul 28, 2015

    Well, that's why there are multiple interfaces and APIs. :)

     

    I use both SOAP and REST in my scripts, sometimes even within the same sub-routine depending on what I find works best or is the most efficient. If you're dead set on using the REST API, then try using the equivalent of the Net::SCP::Expect module in Perl for whatever language (Python?) you're writing in to upload the files before running your post.

     

    • Akash9920's avatar
      Akash9920
      Icon for Nimbostratus rankNimbostratus
      Jul 27, 2020

      Hi Jason, can we upload a file to a specific folder? instead of the default location?

      • JRahm's avatar
        JRahm
        Icon for Admin rankAdmin
        May 21, 2021

        you'll want something a little more foolhardy. That logic has been rolled into either the f5-common-python library (no longer maintained) or the newer bigrest library, which is actively being developed (but not by F5). Even so, I recommend the latter.

        Original Script

        To do it with bigrest (untested but should be close):

        from bigrest.bigip import BIGIP
from pathlib import Path
import sys
 
 
def instantiate_bigip(host, user, password):
    try:
        obj = BIGIP(host, user, password)
    except Exception as e:
        print(f"Failed to connect to {host} due to {type(e).__name__}:\n")
        print(f"{e}")
        sys.exit()
    return obj
 
 
def upload_file(obj, filename):
    if Path(filename).suffix == ".iso":
        endpoint = "/mgmt/cm/autodeploy/software-image-uploads"
    else:
        endpoint = "/mgmt/shared/file-transfer-uploads"
    try:
        obj.upload(endpoint, filename)
    except Exception as e:
        print(f"Failed to upload {Path(filename).name} due to {type(e).__name__}:\n")
        print(f"{e}")
        sys.exit()
        
 
if __name__ == "__main__":
    host = '1.1.1.1'
    user = 'admin'
    password = 'admin'
    f = '/path/to/your/file/file.xyz'
    b = instantiate_bigip(host, user, password)
    upload_file(f)

         You can add argparse to take arguments instead of hardcoding the file and bigip details, or set them as environment variables and include them that way. Obviously not secure to keep credentials this way.

  • no3am_307596's avatar
    no3am_307596
    Icon for Nimbostratus rankNimbostratus
    Feb 10, 2017

    I'm looking to do the same in python, but using the SDK? any reference for that?