Management::KeyCertificate

Introduced : BIG-IP_v9.0
The KeyCertificate interface exposes methods that enable you to manage keys, certificates, and certificate requests. All methods in this interface are atomic operations: each operation creates a session context with the key/certificate management library, performs the required action, and cleans up and/or destroys the session context when completed. Therefore, all operations are stateless. Note that all operations on keys, certificates, and certificate requests are performed in the directory location containing keys, certs, CSRs… as structured for Apache, which is currently /config/ssl. For archiving operations, you have the option of exporting or importing archives to/from other locations. If the location is not specified, the default location of /config/ssl will be used. This interface does not support transactions.

Methods

Method Description Introduced
add_certificate_validator Adds/associates certificate validators to the specified certificates. If a certificate is associated with a certificate validator and its certificate status validation option is set accordingly (using set_certificate_status_validation_options), then the certificate's status will be monitored and updated by the certificate validator. BIG-IP_v13.0.0
certificate_add_file_to_bundle Adds certificates identified by “certificate_files” to the certificate bundles, which are presumed to exist already. Each of the original certificate bundles can theoretically be a normal certificate, i.e. a certificate bundle of one. After the add operation, the bundles will contain more than one certificate. BIG-IP_v9.2.0
certificate_add_pem_to_bundle Adds certificates identified by “pem_data” to the certificate bundles, which are presumed to exist already. Each of the original certificate bundles can theoretically be a normal certificate, i.e. a certificate bundle of one. After the add operation, the bundles will contain more than one certificate. BIG-IP_v9.2.0
certificate_bind Binds/associates the specified keys and certificates. BIG-IP_v9.0
certificate_check_validity Gets the validity of the specified certificates. BIG-IP_v9.0
certificate_delete Deletes/uninstalls the specified certificates. BIG-IP_v9.0
certificate_delete_from_bundle Deletes certificates, identified by their subject's X509 data, from the certificate bundles. If the last certificate has been deleted from the bundle, the certificate file will automatically be deleted. BIG-IP_v9.2.0
certificate_delete_from_bundle_by_serial_number Deletes certificates identified by serial number and issuer's X509 data from certificate bundles. If the last certificate has been deleted from the bundle, the certificate file will automatically be deleted. BIG-IP_v11.4.0
certificate_export_to_file Exports the specified certificates to the given files. BIG-IP_v9.0
certificate_export_to_pem Exports the specified certificates to PEM-formatted data. BIG-IP_v9.0
certificate_generate Generates the specified certificates. This assumes that each of the associated keys, having the same identification as each certificate, has already been created. BIG-IP_v9.0
certificate_generate_with_extensions Generates certificates with the specified certificate extensions. The associated keys, having the same identification as each certificate, must be created before creating certificates. BIG-IP_v12.0.0
certificate_import_from_file Imports/installs the specified certificates from the given files. BIG-IP_v9.0
certificate_import_from_pem Imports/installs the specified certificates from the given PEM-formatted data. BIG-IP_v9.0
certificate_request_delete Deletes the specified CSRs. BIG-IP_v9.0
certificate_request_export_to_file Exports the specified certificate requests to the given files. BIG-IP_v9.0
certificate_request_export_to_pem Exports the specified certificate requests to PEM-formatted data. BIG-IP_v9.0
certificate_request_generate Generates the specified certificate signing requests. This assumes that each of the associated keys, having the same identification as each certificate request, has already been created. BIG-IP_v9.0
certificate_request_generate_v2 Generates the specified certificate signing requests. This assumes that each of the associated keys, having the same identification as each certificate request, has already been created. BIG-IP_v13.0.0
certificate_request_generate_with_extensions Generates certificate signing requests with the specified certificate extensions. The associated keys, having the same identification as each certificate request, must be created before creating certificate signing requests. BIG-IP_v12.0.0
certificate_request_generate_with_extensions_v2 Generates certificate signing requests with the specified certificate extensions. The associated keys, having the same identification as each certificate request, must be created before creating certificate signing requests. BIG-IP_v13.0.0
certificate_request_import_from_file Imports/installs the specified certificate requests from the given files. BIG-IP_v9.0
certificate_request_import_from_pem Imports/installs the specified certificate requests from the given PEM-formatted data. BIG-IP_v9.0
export_all_to_archive_file Exports all currently installed keys and certificates in the current session active folder into the specified archive file. The archive file is a .tgz file that will contain all keys and certificates. BIG-IP_v9.0
export_all_to_archive_stream Exports all currently installed keys and certificates in the current session active folder into the returned archive stream. The returned archive stream is basically the contents of a .tgz file that contains all keys and certificates. BIG-IP_v9.0
export_to_archive_file Exports the specified keys and certificates into the specified archive file. The archive file is a .tgz file that will contain only the specified keys and certificates that have been exported. BIG-IP_v9.0
export_to_archive_stream Exports the specified keys and certificates into the returned archive stream. The returned archive stream is basically the contents of a .tgz file that contains the exported keys and certificates. BIG-IP_v9.0
get_certificate_bundle Note that this method has been deprecated as of v11.5.0. Please use method get_certificate_bundle_v2. Gets the list of all certificates bundled in the certificate files as specified by the file_names. Each file_name will contain multiple certificates. BIG-IP_v9.0
get_certificate_bundle_v2 Gets the list of all certificates bundled in the certificate files as specified by the file_names. Each file_name will contain multiple certificates. This method also provides public-key curve name in the certificate. Note: only call this method when the results of get_certificate_list_v2 indicate that there are multiple certificates bundled in a particular file. BIG-IP_v11.5.0
get_certificate_list Note that this method has been deprecated as of v11.5.0. Please use method get_certificate_list_v2. Gets the list of all installed certificates and their information. If there's a certificate bundle, only the first certificate in the bundle is returned, and the is_bundle flag will be set to true for the corresponding bundle file name. BIG-IP_v9.0
get_certificate_list_v2 Gets the list of all installed certificates and their information. If there's a certificate bundle, only the first certificate in the bundle is returned, and the is_bundle flag will be set to true for the corresponding bundle file name. BIG-IP_v11.5.0
get_certificate_request_list Note that this method has been deprecated as of v11.5.0. Please use method get_certificate_request_list_v2. Gets the list of all CSRs and their information. BIG-IP_v9.0
get_certificate_request_list_v2 Gets the list of all CSRs and their information. This method also includes public key curve information. BIG-IP_v11.5.0
get_certificate_request_list_v3 Gets the list of all CSRs and their information. This method also returns admin email and public key EC curve information. BIG-IP_v13.0.0
get_certificate_request_subject_alternative_name Gets the list of all certificate request subject alternative names in the certificate request file objects as specified by the files. BIG-IP_v12.1.0
get_certificate_status_validation_options Gets the status validation options for the specified certificates. BIG-IP_v13.0.0
get_certificate_subject_alternative_name Gets the list of all certificate subject alternative names in the certificate file objects as specified by the file_names. This method is for non-bundled certificates. For certificate bundles, use get_certificate_subject_alternative_name_bundle. BIG-IP_v11.4.0
get_certificate_subject_alternative_name_bundle Gets the list of all certificate subject alternative names bundled in the certificate files as specified by the file_names. Each file_name will contain multiple certificate subject alternative names. Note: only call this method when the results of get_certificate_list/get_certificate_list_v2 indicate that there are multiple certificates bundled in a particular file. BIG-IP_v11.1.0
get_certificate_validation_status Gets the validation status for the specified certificates. BIG-IP_v13.0.0
get_certificate_validator Gets the names of the certificate validators for the specified certificates. BIG-IP_v13.0.0
get_issuer_certificate Gets the issuer certificates for the specified certificates. BIG-IP_v13.0.0
get_key_list Note that this method has been deprecated as of v11.5.0. Please use method get_key_list_v2. Gets the list of all installed keys and their information. BIG-IP_v9.0
get_key_list_v2 Gets the list of all installed keys and their information. BIG-IP_v11.5.0
get_valid_key_sizes Gets a list of valid key sizes for specified key types. The valid key sizes are bit-lengths of keys that are supported by the system. For example, 1024 and 2048 mean 128-byte and 256-byte RSA key sizes. These sizes are used when generating or importing a key. BIG-IP_v11.0.0
get_version Gets the version information for this interface. BIG-IP_v9.0
import_all_from_archive_file Imports/installs all keys and certificates from the specified archive file into current session active folder. The archive file should be a .tgz file that contains all keys and certificates. BIG-IP_v9.0
import_all_from_archive_stream Imports/installs all keys and certificates from the incoming archive stream into current session active folder. The archive stream should be the contents of a .tgz file that contains all keys and certificates. BIG-IP_v9.0
import_from_archive_file Imports/installs the specified keys and certificates from the specified archive file. The archive file should be a .tgz file that may contain more keys and certificates than what will be imported/installed. BIG-IP_v9.0
import_from_archive_stream Imports/installs the specified keys and certificates from the incoming archive stream. The archive stream should be the contents of a .tgz file that may contain more keys and certificates than what will be imported/installed. BIG-IP_v9.0
is_fips_available Checks to see if the device supports FIPS security. BIG-IP_v9.0
key_certificate_import_from_pem Note: This method is intended for internal F5 use (hence, no guarantees are made about its operation or existence). Please use key_import_from_pem and certificate_import_from_pem for importing keys and certificates. Imports/installs the specified keys and certificates from the given PEM-formatted data. BIG-IP_v11.5.0
key_delete Deletes/uninstalls the specified keys. BIG-IP_v9.0
key_export_to_file Exports the specified keys to the given files. BIG-IP_v9.0
key_export_to_pem Exports the specified keys to PEM-formatted data. BIG-IP_v9.0
key_generate Note that this method has been deprecated as of v11.5.0. Please use method key_generate_v2. Generates the specified keys. BIG-IP_v9.0
key_generate_v2 Generates the specified keys. This method also supports generating EC keys/certificates. BIG-IP_v11.5.0
key_import_from_file Imports/installs the specified keys from the given files. BIG-IP_v9.0
key_import_from_pem Import/install of specified keys from PEM-formatted data can be done using key_import_from_pem_v2(), which provides an option to specify security type. Hence this method is deprecated. BIG-IP_v9.0
key_import_from_pem_v2 Imports/installs the specified keys from the given PEM-formatted data. BIG-IP_v11.5.0
key_to_fips Converts the specified keys to FIPS-enabled keys. BIG-IP_v9.0
pkcs12_import_from_file Note that this method has been deprecated as of v11.5.0. Please use method pkcs12_import_from_file_v2. Importing/installing pkcs12 (Public Key Cryptography Standard #12) files can be done using pkcs12_import_from_file_v2(), which provides an option to specify security type of the key. BIG-IP_v9.0
pkcs12_import_from_file_v2 Imports/installs the specified pkcs12 (Public Key Cryptography Standard #12) information from the given files. This includes keys and certificates, and each file is optionally password-encrypted. The user can select security type for the key. BIG-IP_v11.5.0
remove_all_certificate_validators Removes all certificate validators from the specified certificates. BIG-IP_v13.0.0
remove_certificate_validator Removes certificate validators from the specified certificates. BIG-IP_v13.0.0
set_certificate_status_validation_options Sets the certificate status validation options for the specified certificates. If a certificate is associated with a certificate validator (using add_certificate_validator) and the certificate status validation option is set accordingly, then the certificate's status will be monitored and updated by the certificate validator. The default value is CERT_OPTION_NONE. BIG-IP_v13.0.0
set_issuer_certificate Sets the issuer certificates for the specified certificates. If a certificate is monitored by a certificate validator, its issuer certificate is required; sometimes the certificate file itself already contains its issuer certificate - if not, then it needs to be configured using this method. BIG-IP_v13.0.0

Structures

Structure

Description

Certificate

A struct that describes the basic information of a certificate, typically used when creating the certificate.

CertificateDetail

Note that this structure has been deprecated as of v11.5.0. Please use structure CertificateDetail_v2. A struct that describes the detailed information of a certificate.

CertificateDetail_v2

A struct that describes the detailed information of a certificate.

CertificateExtension

A struct that describes the certificate extension type and the value.

CertificateInformation

Note that this structure has been deprecated as of v11.5.0. Please use structure CertificateInformation_v2. A struct that describes the full information of a certificate.

CertificateInformation_v2

A struct that describes the full information of a certificate.

CertificateRequest

A struct that describes the basic information of a certificate request, typically used when creating the certificate request.

CertificateRequestInformation

Note that this structure has been deprecated as of v11.5.0. Please use structure CertificateRequestInformation_v2. A struct that describes the full information of a certificate request.

CertificateRequestInformation_v2

A struct that describes the full information of a certificate request.

CertificateRequestInformation_v3

A struct that describes the full information of a certificate request.

CertificateRequest_v2

A struct that describes the basic information of a certificate request, typically used when creating the certificate request.

CertificateValidationStatus

A struct that describes the status of a certificate and its validator.

Key

Note that this structure has been deprecated as of v11.5.0. Please use structure Key_v2. A struct that describes the basic information of a key, typically used when creating the key.

KeyInformation

Note that this structure has been deprecated as of v11.5.0. Please use structure KeyInformation_v2. A struct that describes the full information of a key, typically returned when querying the key.

KeyInformation_v2

A struct that describes the full information of a key, typically returned when querying the key.

Key_v2

A struct that describes the basic information of a key, typically used when creating the key.

X509Data

A struct that describes the information of the x509 data that our key/certificate management library will read from or include in a certificate.


Enumerations


Exceptions

Exception Description

Constants

Constant Type Value Description

Aliases

