sys file ssl-key
sys file ssl-key(1) BIG-IP TMSH Manual sys file ssl-key(1)
NAME
ssl-key - Manages a SSL certificate key file.
MODULE
sys file
SYNTAX
Configure the ssl-key component within the sys file module using the
syntax shown in the following sections.
CREATE/MODIFY
create ssl-key [name]
modify ssl-key [name]
options:
app-service [[string] | none]
source-path [URL]
passphrase [passphrase]
edit ssl-key [ [ [name] | [glob] | [regex] ] ... ]
DISPLAY
list ssl-key
list ssl-key [ [ [name] | [glob] | [regex] ] ... ]
DELETE
delete ssl-key [name]
DESCRIPTION
You can use the ssl-key component to create, edit, delete, list or
modify an SSL certificate key file.
EXAMPLES
create ssl-key new-key source-path
http:/cert-server/cert_store/certs/cert1.key
Downloads the certificate-key file from the given URL into file-store
and creates an SSL certificate key file named new-key. Saves the given
URL in the source-path attribute.
create ssl-key new-key source-path file:/shared/save/cert1.key
Specifies the location of the file on the local disk. Use this when the
file has already been created on the local disk.
SUPPORTED URL FORMAT
Supported URL schemes are HTTP, HTTPS, FTP, FTPS, and FILE.
OPTIONS
app-service
Specifies the name of the application service to which the object
belongs. The default value is none. Note: If the strict-updates
option is enabled on the application service that owns the object,
you cannot modify or delete the object. Only the application
service can modify or delete the object.
checksum
A cryptographic hash or checksum of the file contents for use in
verification of file integrity.
create-time
Specifies the time at which the file-object was created.
created-by
Specifies the user who originally created the file-object.
key-size
Specifies the size of the cryptographic key associated with this
file object, in bits.
key-type
Specifies the cryptographic type of the key in question. That is,
which algorithm this key is compatible with.
The options are:
rsa-private
The key is an RSA private key.
dsa-private
The key is a DSA based private key.
last-update-time
Specifies the last time at which the file-object was
updated/modified.
mode Specifies the UNIX file permissions mode for the file associated
with this file-object as a numerical value.
passphrase [passphrase]
Specifies an optional passphrase with which the key has been
protected. It may be used by consumers of the key in the data-
plane or control-plane to decrypt it.
revision
Specifies the latest revision of the file. The revision starts
with 1 and gets incremented on each update.
security-type
Specifies the type of security used to handle or store the key.
The options are:
normal
The key resides in a standard form on the file-system. This
is the default value.
fips The key is protected by a FIPS device on the system and is
only applicable to devices with FIPS support.
password
Specifies that the key is protected by a passphrase and
stored in encrypted form.
nethsm
The key is protected by a FIPS device outside the system.
size Specifies the size (in bytes) of the file associated with this
file object.
source-path [URL]
This attribute takes a URL, for example:
source-path http://cert-server/cert_store/certs/vs_132.key
source-path https://cert-server/cert_store/certs/vs_132.key
source-path
ftp://username:password@server/cert_store/certs/vs_132.key
updated-by
Specifies the user who last updated the file-object.
SEE ALSO
create, delete, edit, glob, list, ltm profile client-ssl, ltm profile
server-ssl, modify, regex, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or
by any means, electronic or mechanical, including photocopying,
recording, or information storage and retrieval systems, for any
purpose other than the purchaser's personal use, without the express
written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2008-2013, 2015. All rights
reserved.
BIG-IP 2015-07-22 sys file ssl-key(1)