rob_carr
Jan 20, 2012

Importing SSL Certs and Keys via TMSH

According to this topic (http://devcentral.f5.com/Community/...fault.aspx) there exists a 'TMSH install cert' command that presumably imports SSL certs and keys. I'm working with LTMs running 10.2.2, and I can't find said command, and I would really like to. I have to produce change-control documents with instructions for an operations group to execute, and being able to do all desired actions from within tmsh would be a really positive step.

3 Replies

  • You could do it this way in tmsh:

    create /sys file ssl-cert blah.crt { source-path http://foo/blah.crt }

    You have to provide a URL reachable by the BIG-IP which delivers the PEM-encoded certificate. This works the same with keys.
  • For version 10, you can just copy the files into the matching directories:

    Payload certs:

    /config/ssl/ssl.csr
    /config/ssl/ssl.crt
    /config/ssl/ssl.key

    HTTPD certs for management:

    /etc/httpd/conf/ssl.csr
    /etc/httpd/conf/ssl.crt
    /etc/httpd/conf/ssl.key

    For version 11 (maybe someone can update this to be more specific), these files are managed by TMOS requiring you to import the certificate and key data.

    The following was done with 11.5. This command will create test.crt and test.key as the managed prefix names. The source file is default.crt or key.

    tmsh create /sys file ssl-cert test.crt source-path
    tmsh create /sys file ssl-key test.key source-path

  • Kevin_K_51432
    Historic F5 Account

    It has been a while, but with 10.2.2, can't you just put them (scp) in the appropriate directory and they then become available for selection by the SSL profile?

    /config/ssl/ssl.crt
    /config/ssl/ssl.key
    

    Kevin
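
A pre-import check that a change-control runbook could run before the tmsh commands quoted in the replies above, added here as an example and not taken from the thread or from F5. It confirms that the certificate is PEM-encoded and unexpired and that the key belongs to it, then prints the two `create /sys file` commands in the form shown in the first reply; the function names, the script name and the `https://repo.example` base URL are assumptions, and `openssl` must be installed.

```shell
#!/bin/sh
# Added example (not from the thread): pre-import checks for a cert/key pair.
# Function names and the base URL passed in are assumptions for illustration.

# True only if the file parses as a PEM-encoded X.509 certificate.
is_pem_cert() {
    openssl x509 -in "$1" -inform PEM -noout 2>/dev/null
}

# True only if the file is a private key readable without a passphrase.
is_plain_key() {
    openssl pkey -in "$1" -passin pass: -noout 2>/dev/null
}

# SHA-256 over the DER public key carried by the certificate.
cert_pubkey_hash() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 over the DER public key derived from the private key.
key_pubkey_hash() {
    openssl pkey -in "$1" -passin pass: -pubout -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Usage: tmsh_import_cmds CERT KEY BASE_URL
# Prints the two tmsh commands (syntax as quoted in the first reply) only when
# every check passes; otherwise explains the failure on stderr and returns 1.
tmsh_import_cmds() {
    is_pem_cert "$1" || { echo "not a PEM certificate: $1" >&2; return 1; }
    is_plain_key "$2" || { echo "unreadable or encrypted key: $2" >&2; return 1; }
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null ||
        { echo "certificate has expired: $1" >&2; return 1; }
    [ "$(cert_pubkey_hash "$1")" = "$(key_pubkey_hash "$2")" ] ||
        { echo "key does not belong to certificate" >&2; return 1; }
    c=$(basename "$1"); k=$(basename "$2")
    printf 'create /sys file ssl-cert %s { source-path %s/%s }\n' "$c" "$3" "$c"
    printf 'create /sys file ssl-key %s { source-path %s/%s }\n' "$k" "$3" "$k"
}

# Run directly, e.g.: ./precheck.sh site.crt site.key https://repo.example
if [ "$#" -eq 3 ]; then
    tmsh_import_cmds "$@"
fi
```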