sys file ssl-key¶

sys file ssl-key(1) BIG-IP TMSH Manual sys file ssl-key(1)

NAME
ssl-key - Manages a SSL certificate key file.

MODULE
sys file

SYNTAX
Configure the ssl-key component within the sys file module using the syntax shown in the following sections.

CREATE/MODIFY
create ssl-key [name]
modify ssl-key [name]
options:
app-service [[string] | none]
source-path [URL]
passphrase [passphrase]

edit ssl-key [ [ [name] | [glob] | [regex] ] ... ]

DISPLAY
list ssl-key
list ssl-key [ [ [name] | [glob] | [regex] ] ... ]

DELETE
delete ssl-key [name]

DESCRIPTION
You can use the ssl-key component to create, edit, delete, list or modify an SSL certificate key file.

EXAMPLES
create ssl-key new-key source-path http:/cert-server/cert_store/certs/cert1.key

Downloads the certificate-key file from the given URL into file-store and creates an SSL certificate key file
named new-key. Saves the given URL in the source-path attribute.

create ssl-key new-key source-path file:/shared/save/cert1.key

Specifies the location of the file on the local disk. Use this when the file has already been created on the
local disk.

SUPPORTED URL FORMAT
Supported URL schemes are HTTP, HTTPS, FTP, FTPS, and FILE.

OPTIONS
app-service
Specifies the name of the application service to which the object belongs. The default value is none.
Note: If the strict-updates option is enabled on the application service that owns the object, you cannot
modify or delete the object. Only the application service can modify or delete the object.

checksum
A cryptographic hash or checksum of the file contents for use in verification of file integrity.

create-time
Specifies the time at which the file-object was created.

created-by
Specifies the user who originally created the file-object.

key-size
Specifies the size of the cryptographic key associated with this file object, in bits.

key-type
Specifies the cryptographic type of the key in question. That is, which algorithm this key is compatible
with.

The options are:

rsa-private
The key is an RSA private key.

dsa-private
The key is a DSA based private key.

last-update-time
Specifies the last time at which the file-object was updated/modified.

mode Specifies the UNIX file permissions mode for the file associated with this file-object as a numerical
value.

passphrase [passphrase]
Specifies an optional passphrase with which the key has been protected. It may be used by consumers of
the key in the data-plane or control-plane to decrypt it.

revision
Specifies the latest revision of the file. The revision starts with 1 and gets incremented on each
update.

security-type
Specifies the type of security used to handle or store the key.

The options are:

normal
The key resides in a standard form on the file-system. This is the default value.

fips The key is protected by a FIPS device on the system and is only applicable to devices with FIPS
support.

password
Specifies that the key is protected by a passphrase and stored in encrypted form.

nethsm
The key is protected by a FIPS device outside the system.

size Specifies the size (in bytes) of the file associated with this file object.

source-path [URL]
This attribute takes a URL, for example:

source-path http://cert-server/cert_store/certs/vs_132.key

source-path https://cert-server/cert_store/certs/vs_132.key

source-path ftp://username:password@server/cert_store/certs/vs_132.key

updated-by
Specifies the user who last updated the file-object.

SEE ALSO
create, delete, edit, glob, list, ltm profile client-ssl, ltm profile server-ssl, modify, regex, tmsh

COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying, recording, or information storage and retrieval systems, for any purpose
other than the purchaser's personal use, without the express written permission of F5 Networks, Inc.

BIG-IP 2015-07-22 sys file ssl-key(1)