SSL Object Management

Overview

Use this API to manage SSL objects from BIG-IQ. For example, this API can be used to get a list of all the management tasks for SSL objects, create a new certificate and key, replace an existing certificate and key, add a key or certificate or CSR from a saved file, or create a certificate signing request (CSR) or certificate revocation list (CRL).

REST Endpoint: /mgmt/cm/adc-core/tasks/certificate-management

Requests

GET /mgmt/cm/adc-core/tasks/certificate-management

Request Parameters

None

Query Parameters

None

Response

HTTP/1.1 200 OK

Name Type Description
administratorEmail string Administrator’s email address.
command string Specifies the action performed by the task. This field can have one of the following values: ADD_CERT, ADD_CRL, ADD_KEY, ASSOCIATE_CERT, ASSOCIATE_CRL, ASSOCIATE_KEY, ADD_PKCS12, GENERATE_CERT, GENERATE_CSR, GENERATE_KEY, GEN_REPLACE_CERT, GEN_REPLACE_CSR, REPLACE_KEY, REPLACE_CERT, REPLACE_CRL or REPLACE_PKCS12. See the table in the command section for an explanation of these values.
commonName string Standard part of an x509 distinguished name, which identifies the party that is being certified by a certificate.
country string Standard part of an x509 distinguished name, which identifies the party that is being certified by a certificate.
certReference object Reference to a certificate config object. Depending upon the task, this might reference a certificate being replaced or provide a pointer to a new certificate object.
     id string GUID identifier
     kind string The kind of item.
     name string Name of a certificate config object.
     partition string Common
     link string A url to the certificate config object.
crlReference object Reference to a CRL object. Depending upon the task, this might reference a CRL being replaced or provide a pointer to a new CRL object.
     id string GUID identifier
     name string Name of a CRL config object.
     partition string Common
     link string A url to the CRL config object.
csrReference object Reference to a CSR object. Depending upon the task, this might reference a CSR being replaced or provide a pointer to a new CSR object.
     id string GUID identifier
     name string Name of a CSR config object.
     partition string Common
     link string A url to the CSR config object.
csrText string Text of CSR in PEM-encoded format.
division string Division used to identify the subject of the certificate or CSR.
durationInDays number Duration of certificate in days. Used only when generating a certificate.
email string Email address used to identify the subject of the certificate or CSR.
endDateTime string Ending date and time of task.
filePath string File path to a file being added to system. The file must have already been uploaded.
id string GUID identifier of task.
identityReferences object References to users provided as links.
     link string Url to user.
itemName string Name of a config object. The user provides itemName, itemPartition, and optionally itemSubPath in operations that create a new config object.
itemPartition string Common. The user provides itemName, itemPartition, and optionally itemSubPath in operations that create a new config object.
itemSubPath string SubPath of a config object. The user provides itemName, itemPartition, and optionally itemSubPath in operations that create a new config object.
keyReference object Reference to a key. Depending upon the task, this might reference a key being replaced or provide a pointer to a new key.
     id string GUID identifier
     kind string The kind of item.
     name string Name of a key config object.
     partition string Common
     link string A url to the key config object.
keySize number Size of key in bits.
keyType string Type of security system. For example, “RSA”.
locality string Locality used to identify the subject of the certificate or CSR.
organization string Name of organization used to identify the subject of the certificate or CSR.
ownerMachineId string GUID identifier
progress string Progress of task.
selfLink string Reference link to task.
state string State used to identify the subject of the certificate or CSR.
status string Current state of task. For example, “STARTED” or “FINISHED”.
subjectAlternativeName string Alternative name
username string Name of user that started the task.
userReference object Reference to user which started task.
     link string A url to user which started task.

Permissions

Role Allow
ADC_Certificate_Editor Yes
ADC_Certificate_Viewer Yes

POST /mgmt/cm/adc-core/tasks/certificate-management

Send POST requests to the certificate-management collection to perform management actions on SSL objects.

Request Parameters

The request parameters in a POST request depend upon the specific SSL management action you are requesting.

Name Type Required Description
administratorEmail string False Administrator’s email address.
certReference object Required if command is GEN_REPLACE_CERT or REPLACE_CERT. Required if keyReference is not present and command is REPLACE_PKCS12. Reference to a certificate config object. Depending upon the task, this might reference a certificate being replaced or provide a pointer to a new certificate object.
     id string False GUID identifier
     kind string False The kind of item.
     name string False Name of a certificate config object.
     partition string False Common
     link string Required if command is GEN_REPLACE_CERT or REPLACE_CERT. Required if keyReference is not present and command is REPLACE_PKCS12. Reference url to certificate.
challengePassword string False Password
command string Required Specifies the action performed by the task. This field can have one of the following values: ADD_CERT, ADD_CRL, ADD_KEY, ASSOCIATE_CERT, ASSOCIATE_CRL, ASSOCIATE_KEY, ADD_PKCS12, GENERATE_CERT, GENERATE_CSR, GENERATE_KEY, GEN_REPLACE_CERT, GEN_REPLACE_CSR, REPLACE_KEY, REPLACE_CERT, REPLACE_CRL or REPLACE_PKCS12. See the table in the command section for an explanation of these values.
commonName string Required if command is GENERATE_CERT, GENERATE_CSR, GEN_REPLACE_CERT or GEN_REPLACE_CSR. Standard part of an x509 distinguished name, which identifies the party that is being certified by a certificate.
country string False Standard part of an x509 distinguished name, which identifies the party that is being certified by a certificate.
crlReference object Required if command is ASSOCIATE_CRL. Reference to a CRL object. Depending upon the task, this might reference a CRL being replaced or provide a pointer to a new CRL object.
     id string False GUID identifier
     name string False Name of a CRL config object.
     partition string False Common
     link string Required if command is ASSOCIATE_CRL. A url to the CRL config object.
csrReference object Required if command is GEN_REPLACE_CSR. Reference to a CSR object. Depending upon the task, this might reference a CSR being replaced or provide a pointer to a new CSR object.
     id string False GUID identifier
     name string False Name of a CSR config object.
     partition string False Common
     link string Required if command is GEN_REPLACE_CSR. A url to the CSR config object.
division string False Division used to identify the subject of the certificate or CSR.
durationInDays number False Duration of certificate in days. Used only when generating a certificate.
email string False Email address used to identify the subject of the certificate or CSR.
filePath string Required if command is ADD_CERT, ADD_CRL, ADD_KEY, ADD_PKCS12, ASSOCIATE_CRL, ASSOCIATE_KEY, REPLACE_CERT, REPLACE_KEY or REPLACE_PKCS12. File path to a file being added to system. The file must have already been uploaded.
issuer string False Issuer of key.
itemName string Required if command is ADD_CERT, ADD_CRL, ADD_KEY, ADD_PKCS12, GENERATE_CERT, GENERATE_CSR or GENERATE_KEY. Name of a config object. The user provides itemName, itemPartition, and optionally itemSubPath in operations that create a new config object.
itemPartition string Required if command is ADD_CERT, ADD_CRL, ADD_KEY, ADD_PKCS12, GENERATE_CERT, GENERATE_CSR or GENERATE_KEY. Common
keyCurveName string Only used for ECDSA keyType. Name of elliptic curve key parameters.
keyPassphrase string Required if key is encrypted and command is ADD_CRL, ADD_KEY, ASSOCIATE_KEY or REPLACE_KEY. Pass phrase of key.
keyReference object Required if command is ASSOCIATE_KEY or REPLACE_KEY. Required if full key parameters are not provided and command is GENERATE_CERT, GENERATE_CSR, GEN_REPLACE_CERT or GEN_REPLACE_CSR. Required if certReference is not present and command is REPLACE_PKCS12. Reference to a key, provided as a link.
     id string False GUID identifier
     kind string False The kind of item.
     name string False Name of a key config object.
     partition string False Common
     link string Required if command is ASSOCIATE_KEY or REPLACE_KEY. Required if full key parameters are not provided and command is GENERATE_CERT, GENERATE_CSR, GEN_REPLACE_CERT or GEN_REPLACE_CSR. Required if certReference is not present and command is REPLACE_PKCS12. A url to the key config object.
keySize number Required if keyType is dsa-private or rsa-private and if command is GEN_REPLACE_CERT, GEN_REPLACE_CSR, GENERATE_CERT, GENERATE_CSR or GENERATE_KEY. Size of key in bits.
keyType string Required when keyReference not given and command is GENERATE_CERT, GEN_REPLACE_CERT, or GENERATE_CSR. Type of security system. This can be “RSA”, “ECDSA”, or “DSA”.
locality string False Locality used to identify the subject of the certificate or CSR.
organization string False Name of organization used to identify the subject of the certificate or CSR.
securityType string False Security system. For example, “password”.
state string False State used to identify the subject of the certificate or CSR.
subjectAlternativeName string False Alternative name
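
An added example, not part of the F5 documentation: a client-side pre-flight check that encodes the "Required if" rules from the table above, so an incomplete task body is rejected before it is sent. Treating "full key parameters" as the presence of keyType, accepting both spellings of the key types, and requiring filePath to stay under /var/config/rest/downloads/ (the directory the command descriptions name) are assumptions of this example.

```python
import posixpath

GEN = {"GENERATE_CERT", "GENERATE_CSR", "GEN_REPLACE_CERT", "GEN_REPLACE_CSR"}
ADD = {"ADD_CERT", "ADD_CRL", "ADD_KEY", "ADD_PKCS12"}
COMMANDS = GEN | ADD | {
    "ASSOCIATE_CERT", "ASSOCIATE_CRL", "ASSOCIATE_KEY", "GENERATE_KEY",
    "REPLACE_KEY", "REPLACE_CERT", "REPLACE_CRL", "REPLACE_PKCS12",
}
CREATE = ADD | {"GENERATE_CERT", "GENERATE_CSR", "GENERATE_KEY"}

# Plain fields: field name -> commands for which the table marks it required.
REQUIRED_FIELDS = {
    "commonName": GEN,
    "filePath": ADD | {"ASSOCIATE_CRL", "ASSOCIATE_KEY", "REPLACE_CERT",
                       "REPLACE_KEY", "REPLACE_PKCS12"},
    "itemName": CREATE,
    "itemPartition": CREATE,
}
# Reference objects: the table places the requirement on the nested "link".
REQUIRED_LINKS = {
    "certReference": {"GEN_REPLACE_CERT", "REPLACE_CERT"},
    "crlReference": {"ASSOCIATE_CRL"},
    "csrReference": {"GEN_REPLACE_CSR"},
    "keyReference": {"ASSOCIATE_KEY", "REPLACE_KEY"},
}
KEYSIZE_COMMANDS = GEN | {"GENERATE_KEY"}
# The table writes these both as "RSA"/"DSA" and as "rsa-private"/"dsa-private".
SIZED_KEY_TYPES = {"RSA", "DSA", "rsa-private", "dsa-private"}
DOWNLOADS = "/var/config/rest/downloads/"


def ref_link(body, name):
    """Return body[name]["link"] if present, else None."""
    ref = body.get(name)
    return ref.get("link") if isinstance(ref, dict) else None


def validate_task(body):
    """Return a list of problems; an empty list means the documented rules hold."""
    cmd = body.get("command")
    if cmd not in COMMANDS:
        return [f"command: missing or not a documented value: {cmd!r}"]
    problems = []
    for field, cmds in REQUIRED_FIELDS.items():
        if cmd in cmds and body.get(field) in (None, ""):
            problems.append(f"{field}: required for {cmd}")
    for name, cmds in REQUIRED_LINKS.items():
        if cmd in cmds and not ref_link(body, name):
            problems.append(f"{name}.link: required for {cmd}")
    has_key_ref = bool(ref_link(body, "keyReference"))
    if cmd == "REPLACE_PKCS12" and not (has_key_ref or ref_link(body, "certReference")):
        problems.append("certReference.link or keyReference.link: "
                        "one is required for REPLACE_PKCS12")
    # Assumption: "full key parameters" means at least keyType is supplied.
    if cmd in GEN and not has_key_ref and not body.get("keyType"):
        problems.append(f"keyReference.link or keyType: one is required for {cmd}")
    if (cmd in KEYSIZE_COMMANDS and body.get("keyType") in SIZED_KEY_TYPES
            and not body.get("keySize")):
        problems.append(f"keySize: required for {body['keyType']} keys with {cmd}")
    # Assumption: every uploaded file lives under the downloads directory.
    path = body.get("filePath")
    if isinstance(path, str) and path and \
            not posixpath.normpath(path).startswith(DOWNLOADS):
        problems.append(f"filePath: resolves outside {DOWNLOADS}")
    return problems


# Trimmed from this page's GENERATE_CERT example body.
GENERATE_CERT_BODY = {
    "itemName": "TestCert1.crt", "itemPartition": "Common",
    "commonName": "TestCert1CommonName", "durationInDays": 365,
    "keyType": "RSA", "keySize": 2048, "command": "GENERATE_CERT",
}

if __name__ == "__main__":
    print(validate_task(GENERATE_CERT_BODY))
    print(validate_task({"command": "ADD_KEY", "itemName": "k.key",
                         "itemPartition": "Common"}))
```

The keyPassphrase rule ("required if key is encrypted") is not checked, because it depends on the contents of the uploaded file rather than on the request body.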

command

The command field specifies the action which is to be performed by the task. The command field can have one of the following values.

Value Meaning
ADD_CERT Creates a new certificate using a file located on the BIG-IQ at /var/config/rest/downloads/. You provide the certificate’s naming, path, and partition properties. BIG-IQ adds a file object and creates a new certificate object which references the file object.
ADD_CRL Creates a new certificate revocation list (CRL) using a file located on the BIG-IQ at /var/config/rest/downloads/. You provide the CRL’s naming, path, and partition properties. BIG-IQ adds a file object and creates a new CRL object which references the file object.
ADD_KEY Creates a new key using a file located on the BIG-IQ at /var/config/rest/downloads/. You provide the key’s naming, path, and partition properties. BIG-IQ adds a file object and creates a new key object which references the file object.
ADD_PKCS12 Adds one key and one certificate or certificate bundle from a PKCS#12 file. You provide PKCS#12 file and object naming parameters. The task fails if the PKCS#12 file doesn’t include exactly one key or includes 0 certificates.
ASSOCIATE_CERT Associates a file and an unmanaged certificate object imported from a BIG-IP. You provide file and reference for the unmanaged certificate object. BIG-IQ verifies the file, adds a file object, and completes the certificate object by using a reference to the file object. This enables the certificate to be deployed by the BIG-IQ.
ASSOCIATE_CRL Associates a file and an unmanaged certificate revocation list (CRL) object imported from a BIG-IP. You provide file and reference to the unmanaged CRL object. BIG-IQ verifies the file, adds a file object, and completes the CRL by using a reference to the file object. This enables the CRL to be deployed by the BIG-IQ.
ASSOCIATE_KEY Associates a file and an unmanaged key object imported from a BIG-IP. You provide file and reference to the unmanaged key object. BIG-IQ verifies the file, adds a file object, and completes the key by using a reference to the file object. This enables the key to be deployed by the BIG-IQ.
GENERATE_CERT Creates a new certificate object. You provide the certificate’s naming and property parameters. If you specify the key by the keyReference of an existing key object, that key is used to generate the new certificate. If you specify the key property parameters, a new key is generated and used to generate the new certificate. A file is created and stored in object storage and a new object is created referencing the file.
GENERATE_CSR Creates a new certificate signing request (CSR) object. You provide the CSR’s naming and property parameters. If you specify the key by the keyReference of an existing key object, that key is used to generate the new CSR. If you specify the key property parameters, a new key is generated and used to generate the new CSR. The value of csrText will be set to the PEM representation of the CSR. The CSR does not have a file object.
GENERATE_KEY Creates a new key object. You provide key naming and property parameters. A new key file is created and stored in object storage and a new key object is created referencing the key file.
GEN_REPLACE_CERT Generates a new certificate and then replaces an existing certificate with the new certificate. You provide the certReference for the existing certificate. If you specify the key by the keyReference for an existing key object, that key is used to generate the new certificate. If you specify the key property parameters, a new key is generated and is used to generate the new certificate. The new certificate replaces the old certificate. A file is created and stored in object storage and a new object is created referencing the file.
GEN_REPLACE_CSR Generates a new certificate signing request (CSR) and then replaces an existing CSR with the new CSR. You provide the csrReference for the existing CSR. If you specify the key by the keyReference for an existing key object, that key is used to generate the new CSR. If you specify the key property parameters, a new key is generated and is used to generate the new CSR. The new CSR replaces the old CSR. The value of csrText will be set to the PEM representation of the CSR. The CSR does not have a file object.
REPLACE_CERT Replaces an existing certificate object using a file located on the BIG-IQ at /var/config/rest/downloads/. You provide the certReference for the existing certificate object. BIG-IQ adds a file object and replaces the existing certificate object.
REPLACE_CRL Replaces an existing certificate revocation list (CRL) object using a file located on the BIG-IQ at /var/config/rest/downloads/. You provide the crlReference for the existing CRL object. BIG-IQ adds a file object and replaces the existing CRL object.
REPLACE_KEY Replaces an existing key object using a file located on the BIG-IQ at /var/config/rest/downloads/. You provide a keyReference value for an existing key object. BIG-IQ adds a file object and replaces the existing key object.
REPLACE_PKCS12 Replaces one existing key and one existing certificate or certificate bundle using the PKCS#12 file located on the BIG-IQ at /var/config/rest/downloads/. At least one of the certificates or keys must already exist. The task will fail if the PKCS#12 file doesn’t include exactly one key, or if the PKCS#12 file includes 0 certificates.

Query Parameters

None

Response

HTTP/1.1 200 OK

Name Type Description
administratorEmail string Administrator’s email address.
challengePassword string Password
command string Specifies the action performed by the task. This field can have one of the following values: ADD_CERT, ADD_CRL, ADD_KEY, ASSOCIATE_CERT, ASSOCIATE_CRL, ASSOCIATE_KEY, ADD_PKCS12, GENERATE_CERT, GENERATE_CSR, GENERATE_KEY, GEN_REPLACE_CERT, GEN_REPLACE_CSR, REPLACE_KEY, REPLACE_CERT, REPLACE_CRL or REPLACE_PKCS12. See the table in the command section for an explanation of these values.
commonName string Standard part of an x509 distinguished name, which identifies the party that is being certified by a certificate.
country string Standard part of an x509 distinguished name, which identifies the party that is being certified by a certificate.
division string Division used to identify the subject of the certificate or CSR.
durationInDays number Duration of certificate in days. Used only when generating a certificate.
email string Email address used to identify the subject of the certificate or CSR.
filePath string File path to a file being added to system. The file must have already been uploaded.
id string GUID identifier of task.
identityReferences object References to users provided as links.
     link string Url to user.
itemName string Name of a config object. The user provides itemName, itemPartition, and optionally itemSubPath in operations that create a new config object.
itemPartition string Common
keyReference object Reference to a key. Depending upon the task, this might reference a key being replaced or provide a pointer to a new key.
     id string GUID identifier
     name string Name of key file.
     partition string Common
     link string Reference link to key provided as url.
keyPassphrase string Pass phrase of key.
keySize number Size of key in bits.
keyType string Type of security system. For example, “RSA”.
locality string Locality used to identify the subject of the certificate or CSR.
organization string Name of organization used to identify the subject of the certificate or CSR.
ownerMachineId string GUID identifier
selfLink string Reference link to task.
state string State used to identify the subject of the certificate or CSR.
status string Progress of task. For example, “STARTED” or “FINISHED”.
subjectAlternativeName string Alternative name
userReference object Reference to user
     link string Reference link to user provided as url.

Permissions

Role Allow
ADC_Certificate_Editor Yes

DELETE /mgmt/cm/adc-core/tasks/certificate-management/<id>

To remove a specific task from the certificate-management collection, send a DELETE request to the task’s id.

Request Parameters

None

Query Parameters

None

Response

HTTP/1.1 200 OK

Lists the JSON for the removed task, which looks similar to the GET response.

Permissions

Role Allow
ADC_Certificate_Editor Yes

Examples

POST to create a new certificate

To create a new certificate, you can send a POST request to the certificate-management collection. In the following example, the value of command is GENERATE_CERT, and the certificate’s naming and property parameters and the key’s property parameters are provided in the body of the POST request. This generates a new key which is used to create the new certificate.

POST https://192.0.2.242/mgmt/cm/adc-core/tasks/certificate-management

The JSON in the body of the POST can look similar to the following example. This example generates both a certificate and an RSA key.

{
    "issuer": "Self",
    "itemName": "TestCert1.crt",
    "itemPartition": "Common",
    "durationInDays": 365,
    "country": "US",
    "commonName": "TestCert1CommonName",
    "division": "ADC",
    "organization": "BIG-IQ",
    "locality": "Seattle",
    "state": "WA",
    "email": "j.doe@company.com",
    "subjectAlternativeName": "DNS:company.com",
    "securityType": "password",
    "keyType": "RSA",
    "keySize": 2048,
    "keyPassphrase": "123",
    "administratorEmail": "",
    "challengePassword": "",
    "command": "GENERATE_CERT"
}

Response

The response to the POST can look similar to the following. Note that the body contains the value of the task’s id and an initial status of STARTED.

{
    "command": "GENERATE_CERT",
    "itemName": "TestCert1.crt",
    "itemPartition": "Common",
    "keyType": "RSA",
    "keySize": 2048,
    "keyPassphrase": "123",
    "commonName": "TestCert1CommonName",
    "division": "ADC",
    "organization": "BIG-IQ",
    "locality": "Seattle",
    "state": "WA",
    "country": "US",
    "email": "j.doe@company.com",
    "subjectAlternativeName": "DNS:company.com",
    "durationInDays": 365,
    "administratorEmail": "",
    "challengePassword": "",
    "id": "04c6a7d3-a573-44be-a983-ef30ff9a40fd",
    "status": "STARTED",
    "userReference": {
            "link": "https://localhost/mgmt/shared/authz/users/admin"
    },
    "identityReferences": [{
            "link": "https://localhost/mgmt/shared/authz/users/admin"
    }],
    "ownerMachineId": "d059100d-e0cf-47cb-988b-1359109a2c5f",
    "taskWorkerGeneration": 1,
    "generation": 1,
    "lastUpdateMicros": 1547247436188189,
    "kind": "cm:adc-core:tasks:certificate-management:certmgmttaskstate",
    "selfLink": "https://localhost/mgmt/cm/adc-core/tasks/certificate-management/04c6a7d3-a573-44be-a983-ef30ff9a40fd"
}

Send repeated GET requests to the task, using the task’s id, until status returns a value of FINISHED. For example, for this task:

GET https://192.0.2.242/mgmt/cm/adc-core/tasks/certificate-management/04c6a7d3-a573-44be-a983-ef30ff9a40fd

When the value of status in a GET response is “FINISHED”, the response can include a certReference and keyReference similar to the following.

{
    "administratorEmail": "",
    "certReference": {
            "id": "d5858667-2ac9-3a6e-b35f-49aad0bf805a",
            "name": "TestCert1.crt",
            "kind": "cm:adc-core:working-config:sys:file:ssl-cert:adcsslcertstate",
            "partition": "Common",
            "link": "https://localhost/mgmt/cm/adc-core/working-config/sys/file/ssl-cert/d5858667-2ac9-3a6e-b35f-49aad0bf805a"
    },
    "command": "GENERATE_CERT",
    "commonName": "TestCert1CommonName",
    "country": "US",
    "division": "ADC",
    "durationInDays": 365,
    "email": "j.doe@company.com",
    "endDateTime": "2019-01-11T14:57:18.100-0800",
    "filePath": "/tmp/cert-mgmt-287431963211576486/TestCert1.crt",
    "generation": 11,
    "id": "04c6a7d3-a573-44be-a983-ef30ff9a40fd",
    "identityReferences": [{
            "link": "https://localhost/mgmt/shared/authz/users/admin"
    }],
    "itemName": "TestCert1.crt",
    "itemPartition": "Common",
    "keyReference": {
            "id": "c58662fd-6cee-37c6-bcc4-a01d701938d7",
            "name": "TestCert1.key",
            "kind": "cm:adc-core:working-config:sys:file:ssl-key:adcsslkeystate",
            "partition": "Common",
            "link": "https://localhost/mgmt/cm/adc-core/working-config/sys/file/ssl-key/c58662fd-6cee-37c6-bcc4-a01d701938d7"
    },
    "keySize": 2048,
    "keyType": "RSA",
    "kind": "cm:adc-core:tasks:certificate-management:certmgmttaskstate",
    "lastUpdateMicros": 1547247438150846,
    "locality": "Seattle",
    "organization": "BIG-IQ",
    "ownerMachineId": "d059100d-e0cf-47cb-988b-1359109a2c5f",
    "progress": "Finished",
    "selfLink": "https://localhost/mgmt/cm/adc-core/tasks/certificate-management/04c6a7d3-a573-44be-a983-ef30ff9a40fd",
    "startDateTime": "2019-01-11T14:57:16.220-0800",
    "state": "WA",
    "status": "FINISHED",
    "subjectAlternativeName": "DNS:company.com",
    "userReference": {
            "link": "https://localhost/mgmt/shared/authz/users/admin"
    },
    "username": "admin"
}
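
An added example, not part of the F5 documentation: the POST-then-poll flow described above as a helper that waits for FINISHED, masks keyPassphrase and challengePassword (which the task body echoes back, as the STARTED response above shows) before anything is logged, and collects the resulting reference links. The fetch callable stands in for the authenticated GET on the task URL; treating any status other than STARTED or FINISHED as an error is an assumption, since this page names only those two values.

```python
import copy
import time

SECRET_FIELDS = ("keyPassphrase", "challengePassword")
REFERENCES = ("certReference", "keyReference", "csrReference", "crlReference")


class TaskError(Exception):
    """Raised when a task reports a status this helper does not expect."""


def redact(task):
    """Return a copy of a task body with secret fields masked for logging."""
    clean = copy.deepcopy(task)
    for field in SECRET_FIELDS:
        if clean.get(field):
            clean[field] = "<redacted>"
    return clean


def result_links(task):
    """Collect the link of every *Reference object present in a task body."""
    links = {}
    for name in REFERENCES:
        ref = task.get(name)
        if isinstance(ref, dict) and ref.get("link"):
            links[name] = ref["link"]
    return links


def wait_for_task(fetch, task_id, timeout=60.0, interval=2.0,
                  pending=("STARTED",), on_poll=None,
                  sleep=time.sleep, clock=time.monotonic):
    """Poll fetch(task_id) until status is FINISHED and return that body.

    fetch is a hypothetical callable performing the GET and returning the
    decoded JSON; on_poll receives a redacted copy of every polled body.
    """
    deadline = clock() + timeout
    while True:
        task = fetch(task_id)
        if task.get("id") != task_id:
            raise TaskError(f"response is for task {task.get('id')!r}, not {task_id!r}")
        if on_poll:
            on_poll(redact(task))
        status = task.get("status")
        if status == "FINISHED":
            return task
        if status not in pending:  # assumption: anything else is a failure
            raise TaskError(f"task {task_id} reported status {status!r}")
        if clock() >= deadline:
            raise TimeoutError(f"task {task_id} still {status!r} after {timeout}s")
        sleep(interval)


# Sample bodies trimmed from this page's GENERATE_CERT example responses.
TASK_ID = "04c6a7d3-a573-44be-a983-ef30ff9a40fd"
BASE = "https://localhost/mgmt/cm/adc-core/working-config/sys/file"
SAMPLE_STATES = [
    {"id": TASK_ID, "command": "GENERATE_CERT", "status": "STARTED",
     "keyPassphrase": "123", "challengePassword": ""},
    {"id": TASK_ID, "command": "GENERATE_CERT", "status": "FINISHED",
     "certReference": {"link": BASE + "/ssl-cert/d5858667-2ac9-3a6e-b35f-49aad0bf805a"},
     "keyReference": {"link": BASE + "/ssl-key/c58662fd-6cee-37c6-bcc4-a01d701938d7"}},
]


def replay(states):
    """Offline stand-in for the GET: returns each state once, then the last."""
    queue = list(states)

    def fetch(task_id):
        return queue.pop(0) if len(queue) > 1 else queue[0]
    return fetch


if __name__ == "__main__":
    done = wait_for_task(replay(SAMPLE_STATES), TASK_ID,
                         sleep=lambda s: None, on_poll=print)
    print(result_links(done))
```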

POST to create and replace a certificate

To generate a new certificate and replace an existing certificate with the new certificate, you can send a POST to the certificate-management collection with the value of command set to GEN_REPLACE_CERT. The certReference value specifies the certificate object to be replaced, and in the following example, the keyReference value specifies the existing key object to be used to generate the new certificate.

POST https://192.0.2.242/mgmt/cm/adc-core/tasks/certificate-management

The body of the POST request can look similar to the following. This example replaces the certificate and key created in the previous example. The original value of division is replaced with “ADC2”.

{
    "commonName": "TestCert1CommonName",
    "issuer": "Self",
    "durationInDays": 365,
    "division": "ADC2",
    "organization": "BIG-IQ",
    "locality": "Seattle",
    "state": "WA",
    "country": "US",
    "email": "j.doe@company.com",
    "subjectAlternativeName": "DNS:company.com, email:j.doe@company.com",
    "keyReference": {
            "link": "https://localhost/mgmt/cm/adc-core/working-config/sys/file/ssl-key/c58662fd-6cee-37c6-bcc4-a01d701938d7"
    },
    "certReference": {
            "link": "https://localhost/mgmt/cm/adc-core/working-config/sys/file/ssl-cert/d5858667-2ac9-3a6e-b35f-49aad0bf805a"
    },
    "command": "GEN_REPLACE_CERT"
}

Response

The response to the POST can look similar to the following. Note that the body contains the value of the task’s id and an initial status of STARTED.

{
    "command": "GEN_REPLACE_CERT",
    "commonName": "TestCert1CommonName",
    "division": "ADC2",
    "organization": "BIG-IQ",
    "locality": "Seattle",
    "state": "WA",
    "country": "US",
    "email": "j.doe@company.com",
    "subjectAlternativeName": "DNS:company.com, email:j.doe@company.com",
    "durationInDays": 365,
    "keyReference": {
            "link": "https://localhost/mgmt/cm/adc-core/working-config/sys/file/ssl-key/c58662fd-6cee-37c6-bcc4-a01d701938d7"
    },
    "certReference": {
            "link": "https://localhost/mgmt/cm/adc-core/working-config/sys/file/ssl-cert/d5858667-2ac9-3a6e-b35f-49aad0bf805a"
    },
    "id": "9d25451b-a50f-4193-89da-5150c49fadcc",
    "status": "STARTED",
    "userReference": {
            "link": "https://localhost/mgmt/shared/authz/users/admin"
    },
    "identityReferences": [{
            "link": "https://localhost/mgmt/shared/authz/users/admin"
    }],
    "ownerMachineId": "d059100d-e0cf-47cb-988b-1359109a2c5f",
    "taskWorkerGeneration": 1,
    "generation": 1,
    "lastUpdateMicros": 1547249016458200,
    "kind": "cm:adc-core:tasks:certificate-management:certmgmttaskstate",
    "selfLink": "https://localhost/mgmt/cm/adc-core/tasks/certificate-management/9d25451b-a50f-4193-89da-5150c49fadcc"
}

Send repeated GET requests to the task, using the task’s id, until status returns a value of FINISHED. For example, for this task:

GET https://192.0.2.242/mgmt/cm/adc-core/tasks/certificate-management/9d25451b-a50f-4193-89da-5150c49fadcc

The replacement with the new certificate is finished once the value of status in a GET response is “FINISHED”. A file is created and stored in object storage and a new object is created referencing the file.

POST to create a key from file

To create a key using a file located on the BIG-IQ, you can send a POST request to the certificate-management collection. The value of command is ADD_KEY and the key’s naming properties have been provided in the body of the POST request. You should first upload a copy of the file from your computer to /var/config/rest/downloads/import_from_bigiq.key on the BIG-IQ using the File Uploads API.

POST https://192.0.2.242/mgmt/cm/adc-core/tasks/certificate-management

The JSON in the body of the POST can look similar to the following example.

{
    "filePath": "/var/config/rest/downloads/import_from_bigiq.key",
    "itemName": "import_from_bigiq.key",
    "itemPartition": "Common",
    "command": "ADD_KEY"
}

Response

The response to the POST can look similar to the following. Note that the body contains the value of the task’s id and an initial status of STARTED.

{
    "command": "ADD_KEY",
    "itemName": "import_from_bigiq.key",
    "itemPartition": "Common",
    "filePath": "/var/config/rest/downloads/import_from_bigiq.key",
    "id": "6ddf7eb1-7d5d-4781-b30f-e07c900034da",
    "status": "STARTED",
    "userReference": {
            "link": "https://localhost/mgmt/shared/authz/users/admin"
    },
    "identityReferences": [{
            "link": "https://localhost/mgmt/shared/authz/users/admin"
    }],
    "ownerMachineId": "cc6a840f-b524-45f7-b0ae-affaf6584d7c",
    "taskWorkerGeneration": 1,
    "generation": 1,
    "lastUpdateMicros": 1547487861702217,
    "kind": "cm:adc-core:tasks:certificate-management:certmgmttaskstate",
    "selfLink": "https://localhost/mgmt/cm/adc-core/tasks/certificate-management/6ddf7eb1-7d5d-4781-b30f-e07c900034da"
}

Send repeated GET requests to the task, using the task’s id, until status returns a value of FINISHED. For example, for this task:

GET https://192.0.2.242/mgmt/cm/adc-core/tasks/certificate-management/6ddf7eb1-7d5d-4781-b30f-e07c900034da

When the value of status in a GET response is “FINISHED”, the response will include a keyReference similar to the following.

{
    "command": "ADD_KEY",
    "endDateTime": "2019-01-14T09:44:22.395-0800",
    "filePath": "/var/config/rest/downloads/import_from_bigiq.key",
    "generation": 10,
    "id": "6ddf7eb1-7d5d-4781-b30f-e07c900034da",
    "identityReferences": [{
            "link": "https://localhost/mgmt/shared/authz/users/admin"
    }],
    "itemName": "import_from_bigiq.key",
    "itemPartition": "Common",
    "keyReference": {
            "id": "ed0168ee-696f-3036-8266-7b81c4840246",
            "name": "import_from_bigiq.key",
            "kind": "cm:adc-core:working-config:sys:file:ssl-key:adcsslkeystate",
            "partition": "Common",
            "link": "https://localhost/mgmt/cm/adc-core/working-config/sys/file/ssl-key/ed0168ee-696f-3036-8266-7b81c4840246"
    },
    "kind": "cm:adc-core:tasks:certificate-management:certmgmttaskstate",
    "lastUpdateMicros": 1547487862446119,
    "ownerMachineId": "cc6a840f-b524-45f7-b0ae-affaf6584d7c",
    "progress": "Finished",
    "selfLink": "https://localhost/mgmt/cm/adc-core/tasks/certificate-management/6ddf7eb1-7d5d-4781-b30f-e07c900034da",
    "startDateTime": "2019-01-14T09:44:21.720-0800",
    "status": "FINISHED",
    "userReference": {
            "link": "https://localhost/mgmt/shared/authz/users/admin"
    },
    "username": "admin"
}

POST to create a certificate from file

To create a certificate from a file located on the BIG-IQ, you can send a POST request to the certificate-management collection. The value of command is ADD_CERT and the certificate’s naming properties have been provided in the body of the POST request. You should first upload a copy of the file from your computer to /var/config/rest/downloads/import_from_bigiq.crt on the BIG-IQ using the File Uploads API.

POST https://192.0.2.242/mgmt/cm/adc-core/tasks/certificate-management

The JSON in the body of the POST can look similar to the following example.

{
    "filePath": "/var/config/rest/downloads/import_from_bigiq.crt",
    "itemName": "import_from_bigiq.crt",
    "itemPartition": "Common",
    "command": "ADD_CERT"
}

Response

The response to the POST can look similar to the following. Note that the body contains the value of the task’s id and an initial status of STARTED.

{
    "command": "ADD_CERT",
    "itemName": "import_from_bigiq.crt",
    "itemPartition": "Common",
    "filePath": "/var/config/rest/downloads/import_from_bigiq.crt",
    "id": "58ef3796-06ee-4d7c-aa3c-2db195015c0b",
    "status": "STARTED",
    "userReference": {
            "link": "https://localhost/mgmt/shared/authz/users/admin"
    },
    "identityReferences": [{
            "link": "https://localhost/mgmt/shared/authz/users/admin"
    }],
    "ownerMachineId": "cc6a840f-b524-45f7-b0ae-affaf6584d7c",
    "taskWorkerGeneration": 1,
    "generation": 1,
    "lastUpdateMicros": 1547488105527870,
    "kind": "cm:adc-core:tasks:certificate-management:certmgmttaskstate",
    "selfLink": "https://localhost/mgmt/cm/adc-core/tasks/certificate-management/58ef3796-06ee-4d7c-aa3c-2db195015c0b"
}

Send repeated GET requests to the task, using the task’s id, until status returns a value of FINISHED. For example, for this task:

GET https://192.0.2.242/mgmt/cm/adc-core/tasks/certificate-management/58ef3796-06ee-4d7c-aa3c-2db195015c0b

When the value of status in a GET response is “FINISHED”, the response will include a certReference similar to the following.

{
    "certReference": {
            "id": "9c6dfe1c-7d89-3447-bf35-e58c88904a7c",
            "name": "import_from_bigiq.crt",
            "kind": "cm:adc-core:working-config:sys:file:ssl-cert:adcsslcertstate",
            "partition": "Common",
            "link": "https://localhost/mgmt/cm/adc-core/working-config/sys/file/ssl-cert/9c6dfe1c-7d89-3447-bf35-e58c88904a7c"
    },
    "command": "ADD_CERT",
    "endDateTime": "2019-01-14T09:48:26.244-0800",
    "filePath": "/var/config/rest/downloads/import_from_bigiq.crt",
    "generation": 10,
    "id": "58ef3796-06ee-4d7c-aa3c-2db195015c0b",
    "identityReferences": [{
            "link": "https://localhost/mgmt/shared/authz/users/admin"
    }],
    "itemName": "import_from_bigiq.crt",
    "itemPartition": "Common",
    "kind": "cm:adc-core:tasks:certificate-management:certmgmttaskstate",
    "lastUpdateMicros": 1547488106294973,
    "ownerMachineId": "cc6a840f-b524-45f7-b0ae-affaf6584d7c",
    "progress": "Finished",
    "selfLink": "https://localhost/mgmt/cm/adc-core/tasks/certificate-management/58ef3796-06ee-4d7c-aa3c-2db195015c0b",
    "startDateTime": "2019-01-14T09:48:25.546-0800",
    "status": "FINISHED",
    "userReference": {
            "link": "https://localhost/mgmt/shared/authz/users/admin"
    },
    "username": "admin"
}
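The submit-then-poll procedure above, as an added Python example (not part of the original documentation and not F5 code). It validates the task id, builds the polling URL from the id, stops on a timeout or on any status other than STARTED or FINISHED, and rewrites the https://localhost reference links to the BIG-IQ address in use. The fetch callable (an authenticated HTTPS GET returning parsed JSON), the replay transport and the FAILED status used in testing are assumptions; the sample task states are constructed from the responses shown above.

```python
import time
import uuid
from urllib.parse import urlsplit, urlunsplit

TASKS_PATH = "/mgmt/cm/adc-core/tasks/certificate-management"
REFERENCE_KEYS = ("certReference", "keyReference", "csrReference", "crlReference")
IN_PROGRESS = {"STARTED"}  # assumption: any other non-FINISHED status is terminal


class TaskError(Exception):
    """The task did not reach FINISHED, or the input was not usable."""


def task_url(base_url, task_id):
    """Build the polling URL, accepting only a canonical lowercase GUID as task id."""
    try:
        canonical = str(uuid.UUID(task_id))
    except (ValueError, TypeError, AttributeError) as exc:
        raise TaskError(f"not a GUID task id: {task_id!r}") from exc
    if canonical != task_id:
        raise TaskError(f"task id is not in canonical GUID form: {task_id!r}")
    return f"{base_url.rstrip('/')}{TASKS_PATH}/{task_id}"


def wait_for_task(fetch, base_url, task_id, timeout=60.0, interval=2.0,
                  sleep=time.sleep, clock=time.monotonic):
    """Poll the task until status is FINISHED and return the final task state."""
    url = task_url(base_url, task_id)
    deadline = clock() + timeout
    while True:
        state = fetch(url)
        if state.get("id") != task_id:
            raise TaskError("response describes a different task")
        status = state.get("status")
        if status == "FINISHED":
            return state
        if status not in IN_PROGRESS:
            raise TaskError(f"task {task_id} stopped with status {status!r}")
        if clock() >= deadline:
            raise TaskError(f"task {task_id} still {status} after {timeout}s")
        sleep(interval)


def rebase_link(link, base_url):
    """Point a https://localhost/... link at the BIG-IQ address actually used."""
    base, parts = urlsplit(base_url), urlsplit(link)
    return urlunsplit((base.scheme, base.netloc, parts.path, parts.query, ""))


def extract_references(state, base_url):
    """Collect the object references a finished task carries, with usable links."""
    refs = {}
    for key in REFERENCE_KEYS:
        ref = state.get(key)
        if isinstance(ref, dict) and "link" in ref:
            refs[key] = {"id": ref.get("id"), "name": ref.get("name"),
                         "link": rebase_link(ref["link"], base_url)}
    return refs


# Constructed sample data, modelled on the ADD_CERT responses above.
BASE_URL = "https://192.0.2.242"
TASK_ID = "58ef3796-06ee-4d7c-aa3c-2db195015c0b"
SAMPLE_STATES = [
    {"id": TASK_ID, "command": "ADD_CERT", "status": "STARTED"},
    {"id": TASK_ID, "command": "ADD_CERT", "status": "STARTED"},
    {"id": TASK_ID, "command": "ADD_CERT", "status": "FINISHED",
     "certReference": {
         "id": "9c6dfe1c-7d89-3447-bf35-e58c88904a7c",
         "name": "import_from_bigiq.crt",
         "link": "https://localhost/mgmt/cm/adc-core/working-config/sys/file/"
                 "ssl-cert/9c6dfe1c-7d89-3447-bf35-e58c88904a7c"}},
]


def replay(states):
    """Hypothetical offline transport: returns the canned states in order."""
    queue = list(states)

    def fetch(url):
        return queue.pop(0) if len(queue) > 1 else queue[0]
    return fetch


def demo():
    state = wait_for_task(replay(SAMPLE_STATES), BASE_URL, TASK_ID,
                          sleep=lambda seconds: None)
    return extract_references(state, BASE_URL)


if __name__ == "__main__":
    print(demo())
```

In real use, fetch wraps whatever authenticated HTTPS client you already use against the BIG-IQ, with certificate verification left on.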

POST to create a new CSR

To create a new certificate signing request (CSR), send a POST request to the certificate-management collection. The value of command in the body of the request is GENERATE_CSR. In the following example, the key property parameters are specified in the body of the request which means a new key is generated and used to generate the new CSR. The value of csrText is set to the PEM representation of the CSR. The CSR does not have a file object.

POST https://192.0.2.242/mgmt/cm/adc-core/tasks/certificate-management

The JSON in the body of the POST can look similar to the following example.

{
    "issuer": "Certificate Authority",
    "itemName": "JohnCSR.csr",
    "itemPartition": "Common",
    "durationInDays": 365,
    "country": "US",
    "commonName": "JohnCSR.com",
    "division": "ADC",
    "organization": "BIG-IQ",
    "locality": "Seattle",
    "state": "WA",
    "email": "j.doe@company.com",
    "subjectAlternativeName": "IP:1.1.1.1",
    "securityType": "password",
    "keyType": "RSA",
    "keySize": 2048,
    "keyPassphrase": "1234",
    "administratorEmail": "",
    "challengePassword": "",
    "command": "GENERATE_CSR"
}

Response

The response to the POST can look similar to the following. Note that the body contains the value of the task’s id and an initial status of STARTED.

{
    "command": "GENERATE_CSR",
    "itemName": "JohnCSR.csr",
    "itemPartition": "Common",
    "keyType": "RSA",
    "keySize": 2048,
    "keyPassphrase": "1234",
    "commonName": "JohnCSR.com",
    "division": "ADC",
    "organization": "BIG-IQ",
    "locality": "Seattle",
    "state": "WA",
    "country": "US",
    "email": "j.doe@company.com",
    "subjectAlternativeName": "IP:1.1.1.1",
    "durationInDays": 365,
    "administratorEmail": "",
    "challengePassword": "",
    "id": "57a2f81d-7fec-4688-b290-2887ec28598f",
    "status": "STARTED",
    "userReference": {
            "link": "https://localhost/mgmt/shared/authz/users/admin"
    },
    "identityReferences": [{
            "link": "https://localhost/mgmt/shared/authz/users/admin"
    }],
    "ownerMachineId": "cc6a840f-b524-45f7-b0ae-affaf6584d7c",
    "taskWorkerGeneration": 1,
    "generation": 1,
    "lastUpdateMicros": 1547488940252735,
    "kind": "cm:adc-core:tasks:certificate-management:certmgmttaskstate",
    "selfLink": "https://localhost/mgmt/cm/adc-core/tasks/certificate-management/57a2f81d-7fec-4688-b290-2887ec28598f"
}

Send repeated GET requests to the task, using the task’s id, until status returns a value of FINISHED. For example, for this task:

GET https://192.0.2.242/mgmt/cm/adc-core/tasks/certificate-management/57a2f81d-7fec-4688-b290-2887ec28598f

When the value of status in a GET response is “FINISHED”, the response will include a csrReference similar to the following.

{
    "administratorEmail": "",
    "command": "GENERATE_CSR",
    "commonName": "JohnCSR.com",
    "country": "US",
    "csrReference": {
            "id": "d4529e8b-3255-3fad-855e-bc3093666434",
            "name": "JohnCSR.csr",
            "kind": "cm:adc-core:working-config:sys:file:ssl-csr:adcsslcsrstate",
            "partition": "Common",
            "link": "https://localhost/mgmt/cm/adc-core/working-config/sys/file/ssl-csr/d4529e8b-3255-3fad-855e-bc3093666434"
    },
    "csrText": "----BEGIN CERTIFICATE REQUEST---\nMIIC9... omitted from example ...98jZ0cPYqeew==\n---END CERTIFICATE REQUEST----\n",
    "division": "ADC",
    "durationInDays": 365,
    "email": "j.doe@company.com",
    "endDateTime": "2019-01-14T10:02:21.103-0800",
    "filePath": "/tmp/cert-mgmt-3356681390592735341/JohnCSR.key",
    "generation": 10,
    "id": "57a2f81d-7fec-4688-b290-2887ec28598f",
    "identityReferences": [{
            "link": "https://localhost/mgmt/shared/authz/users/admin"
    }],
    "itemName": "JohnCSR.csr",
    "itemPartition": "Common",
    "keyReference": {
            "id": "fc77041e-c80e-3cd0-a9ec-34c3b4ee1c77",
            "name": "JohnCSR.key",
            "kind": "cm:adc-core:working-config:sys:file:ssl-key:adcsslkeystate",
            "partition": "Common",
            "link": "https://localhost/mgmt/cm/adc-core/working-config/sys/file/ssl-key/fc77041e-c80e-3cd0-a9ec-34c3b4ee1c77"
    },
    "keySize": 2048,
    "keyType": "RSA",
    "kind": "cm:adc-core:tasks:certificate-management:certmgmttaskstate",
    "lastUpdateMicros": 1547488941154154,
    "locality": "Seattle",
    "organization": "BIG-IQ",
    "ownerMachineId": "cc6a840f-b524-45f7-b0ae-affaf6584d7c",
    "progress": "Finished",
    "selfLink": "https://localhost/mgmt/cm/adc-core/tasks/certificate-management/57a2f81d-7fec-4688-b290-2887ec28598f",
    "startDateTime": "2019-01-14T10:02:20.271-0800",
    "state": "WA",
    "status": "FINISHED",
    "subjectAlternativeName": "IP:1.1.1.1",
    "userReference": {
            "link": "https://localhost/mgmt/shared/authz/users/admin"
    },
    "username": "admin"
}
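The STARTED response in this section echoes keyPassphrase in clear text, so task objects should be masked before they are logged or stored. The following added Python example (not part of the original documentation and not F5 code) masks keyPassphrase and challengePassword at any depth and flags tasks that carry a secret or weak key parameters. The length and key-size thresholds and the finding names are assumed local policy, and the sample collection is constructed from the field names shown on this page.

```python
SECRET_FIELDS = ("keyPassphrase", "challengePassword")  # field names from this page
MIN_PASSPHRASE_LEN = 12   # assumption: local policy, not a BIG-IQ limit
MIN_RSA_BITS = 2048       # assumption: local policy, not a BIG-IQ limit
REDACTED = "<redacted>"


def redact(obj):
    """Return a copy of a task or collection with non-empty secret fields masked."""
    if isinstance(obj, dict):
        return {key: (REDACTED if key in SECRET_FIELDS and value else redact(value))
                for key, value in obj.items()}
    if isinstance(obj, list):
        return [redact(item) for item in obj]
    return obj


def audit_task(task):
    """Return (finding, field) pairs for one task object."""
    findings = []
    for field in SECRET_FIELDS:
        value = task.get(field)
        if value:
            findings.append(("secret-in-task-state", field))
            if field == "keyPassphrase" and len(value) < MIN_PASSPHRASE_LEN:
                findings.append(("short-passphrase", field))
    key_size = task.get("keySize")
    if task.get("keyType") == "RSA" and isinstance(key_size, int) \
            and key_size < MIN_RSA_BITS:
        findings.append(("weak-rsa-key", "keySize"))
    return findings


def audit_collection(collection):
    """Audit every task in a collection response; returns {task id: findings}."""
    report = {}
    for task in collection.get("items", []):
        findings = audit_task(task)
        if findings:
            report[task.get("id", "<no id>")] = findings
    return report


# Constructed sample: the first item mirrors the GENERATE_CSR STARTED response
# above; the second item and its id are made up for the example.
SAMPLE_COLLECTION = {
    "items": [
        {"id": "57a2f81d-7fec-4688-b290-2887ec28598f",
         "command": "GENERATE_CSR", "status": "STARTED",
         "keyType": "RSA", "keySize": 2048,
         "keyPassphrase": "1234", "challengePassword": ""},
        {"id": "00000000-0000-0000-0000-000000000001",
         "command": "GENERATE_CSR", "status": "FINISHED",
         "keyType": "RSA", "keySize": 1024},
    ],
}

if __name__ == "__main__":
    print(redact(SAMPLE_COLLECTION))
    print(audit_collection(SAMPLE_COLLECTION))
```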

POST to add PKCS#12 from file

To add one key and one certificate or certificate bundle from a PKCS#12 file, send a POST request to the certificate-management collection and provide the PKCS#12 file and object naming parameters. The value of command in the body of the request must be ADD_PKCS12. The task fails if the PKCS#12 file doesn’t include exactly one key or includes 0 certificates. You should first upload a copy of the file from your computer to /var/config/rest/downloads/john_pkcs12.pfx on the BIG-IQ using the File Uploads API.

POST https://192.0.2.242/mgmt/cm/adc-core/tasks/certificate-management

The JSON in the body of the POST can look similar to the following example.

{
    "filePath": "/var/config/rest/downloads/john_pkcs12.pfx",
    "itemName": "john_pkcs12.crt",
    "itemPartition": "Common",
    "command": "ADD_PKCS12"
}

Response

The response to the POST can look similar to the following. Note that the body contains the value of the task’s id and an initial status of STARTED.

{
    "command": "ADD_PKCS12",
    "itemName": "john_pkcs12.crt",
    "itemPartition": "Common",
    "filePath": "/var/config/rest/downloads/john_pkcs12.pfx",
    "id": "b5b1fe59-5593-4d60-93fd-b8d1a6d90def",
    "status": "STARTED",
    "userReference": {
            "link": "https://localhost/mgmt/shared/authz/users/admin"
    },
    "identityReferences": [{
            "link": "https://localhost/mgmt/shared/authz/users/admin"
    }],
    "ownerMachineId": "cc6a840f-b524-45f7-b0ae-affaf6584d7c",
    "taskWorkerGeneration": 1,
    "generation": 1,
    "lastUpdateMicros": 1547493321483727,
    "kind": "cm:adc-core:tasks:certificate-management:certmgmttaskstate",
    "selfLink": "https://localhost/mgmt/cm/adc-core/tasks/certificate-management/b5b1fe59-5593-4d60-93fd-b8d1a6d90def"
}

Send repeated GET requests to the task, using the task’s id, until status returns a value of FINISHED. For example, for this task:

GET https://192.0.2.242/mgmt/cm/adc-core/tasks/certificate-management/b5b1fe59-5593-4d60-93fd-b8d1a6d90def

Note that the value of command will be “ADD_CERT” in the body of the response to the GET. When the value of status in a GET response is “FINISHED”, the response will contain a certReference and keyReference similar to the following.

{
    "certReference": {
            "id": "3d29ad31-9c7d-329a-b62c-93a4bd31e8ce",
            "name": "john_pkcs12.crt",
            "kind": "cm:adc-core:working-config:sys:file:ssl-cert:adcsslcertstate",
            "partition": "Common",
            "link": "https://localhost/mgmt/cm/adc-core/working-config/sys/file/ssl-cert/3d29ad31-9c7d-329a-b62c-93a4bd31e8ce"
    },
    "command": "ADD_CERT",
    "endDateTime": "2019-01-14T11:15:22.568-0800",
    "filePath": "/tmp/cert-mgmt-2134770807667108775/john_pkcs12.crt",
    "generation": 12,
    "id": "b5b1fe59-5593-4d60-93fd-b8d1a6d90def",
    "identityReferences": [{
            "link": "https://localhost/mgmt/shared/authz/users/admin"
    }],
    "itemName": "john_pkcs12.crt",
    "itemPartition": "Common",
    "keyReference": {
            "id": "044cef81-2bf0-3d2f-a748-cc68c937a86b",
            "name": "john_pkcs12.key",
            "kind": "cm:adc-core:working-config:sys:file:ssl-key:adcsslkeystate",
            "partition": "Common",
            "link": "https://localhost/mgmt/cm/adc-core/working-config/sys/file/ssl-key/044cef81-2bf0-3d2f-a748-cc68c937a86b"
    },
    "kind": "cm:adc-core:tasks:certificate-management:certmgmttaskstate",
    "lastUpdateMicros": 1547493322618971,
    "ownerMachineId": "cc6a840f-b524-45f7-b0ae-affaf6584d7c",
    "progress": "Finished",
    "selfLink": "https://localhost/mgmt/cm/adc-core/tasks/certificate-management/b5b1fe59-5593-4d60-93fd-b8d1a6d90def",
    "startDateTime": "2019-01-14T11:15:21.503-0800",
    "status": "FINISHED",
    "userReference": {
            "link": "https://localhost/mgmt/shared/authz/users/admin"
    },
    "username": "admin"
}

POST to add a CRL from file

To add a certificate revocation list (CRL) from a file, send a POST request to the certificate-management collection. You provide the CRL’s naming, path, and partition properties. The value of command in the body of the request is ADD_CRL. BIG-IQ adds a file object and creates a new CRL object which references the file object. You should first upload a copy of the file from your computer to /var/config/rest/downloads/john.crl.pem on the BIG-IQ using the File Uploads API.

POST https://192.0.2.242/mgmt/cm/adc-core/tasks/certificate-management

The JSON in the body of the POST can look similar to the following example.

{
    "command": "ADD_CRL",
    "itemName": "JohnCRL.crl",
    "itemPartition": "Common",
    "filePath": "/var/config/rest/downloads/john.crl.pem"
}

Response

The response to the POST can look similar to the following. Note that the body contains the value of the task’s id and an initial status of STARTED.

{
    "command": "ADD_CRL",
    "itemName": "JohnCRL.crl",
    "itemPartition": "Common",
    "filePath": "/var/config/rest/downloads/john.crl.pem",
    "id": "ee32b158-84c8-4fd5-94f2-6cfdfac3b13c",
    "status": "STARTED",
    "userReference": {
            "link": "https://localhost/mgmt/shared/authz/users/admin"
    },
    "identityReferences": [{
            "link": "https://localhost/mgmt/shared/authz/users/admin"
    }],
    "ownerMachineId": "cc6a840f-b524-45f7-b0ae-affaf6584d7c",
    "taskWorkerGeneration": 1,
    "generation": 1,
    "lastUpdateMicros": 1547500931327370,
    "kind": "cm:adc-core:tasks:certificate-management:certmgmttaskstate",
    "selfLink": "https://localhost/mgmt/cm/adc-core/tasks/certificate-management/ee32b158-84c8-4fd5-94f2-6cfdfac3b13c"
}

Send repeated GET requests to the task, using the task’s id, until status returns a value of FINISHED. For example, for this task:

GET https://192.0.2.242/mgmt/cm/adc-core/tasks/certificate-management/ee32b158-84c8-4fd5-94f2-6cfdfac3b13c

When the value of status in a GET response is “FINISHED”, the response will contain a crlReference similar to the following.

{
    "command": "ADD_CRL",
    "crlReference": {
            "id": "ee1ccaa9-bd8d-3a12-b02e-a6319090bde1",
            "name": "JohnCRL.crl",
            "kind": "cm:adc-core:working-config:sys:file:ssl-crl:adcsslcrlstate",
            "partition": "Common",
            "link": "https://localhost/mgmt/cm/adc-core/working-config/sys/file/ssl-crl/ee1ccaa9-bd8d-3a12-b02e-a6319090bde1"
    },
    "endDateTime": "2019-01-14T13:22:12.034-0800",
    "filePath": "/var/config/rest/downloads/john.crl.pem",
    "generation": 10,
    "id": "ee32b158-84c8-4fd5-94f2-6cfdfac3b13c",
    "identityReferences": [{
            "link": "https://localhost/mgmt/shared/authz/users/admin"
    }],
    "itemName": "JohnCRL.crl",
    "itemPartition": "Common",
    "kind": "cm:adc-core:tasks:certificate-management:certmgmttaskstate",
    "lastUpdateMicros": 1547500932084271,
    "ownerMachineId": "cc6a840f-b524-45f7-b0ae-affaf6584d7c",
    "progress": "Finished",
    "selfLink": "https://localhost/mgmt/cm/adc-core/tasks/certificate-management/ee32b158-84c8-4fd5-94f2-6cfdfac3b13c",
    "startDateTime": "2019-01-14T13:22:11.348-0800",
    "status": "FINISHED",
    "userReference": {
            "link": "https://localhost/mgmt/shared/authz/users/admin"
    },
    "username": "admin"
}

POST to associate a key

This example shows how to associate a file with an unmanaged key. You provide a file and a reference to the unmanaged key. BIG-IQ verifies the file, adds a file object, and completes the key by using a reference to the file object. This can enable the key to be deployed by the BIG-IQ.

To associate a key, send a POST request to the certificate-management collection. You can provide the keyReference. The value of command in the body of the request is ASSOCIATE_KEY. You should first upload a copy of the file from your computer to testKey1.key on the BIG-IQ using the File Uploads API.

POST https://192.0.2.242/mgmt/cm/adc-core/tasks/certificate-management

The JSON in the body of the POST can look similar to the following example.

{
    "command": "ASSOCIATE_KEY",
    "filePath": "/var/config/rest/downloads/testKey1.key",
    "keyReference": {
            "link": "https://localhost/mgmt/cm/adc-core/working-config/sys/file/ssl-key/f9c055c8-4edd-318c-9c42-ea7f6467c16d"
    }
}

Response

The response to the POST can look similar to the following. Note that the body contains the value of the task’s id and an initial status of STARTED.

{
    "command": "ASSOCIATE_KEY",
    "filePath": "/var/config/rest/downloads/testKey1.key",
    "keyReference": {
            "link": "https://localhost/mgmt/cm/adc-core/working-config/sys/file/ssl-key/f9c055c8-4edd-318c-9c42-ea7f6467c16d"
    },
    "id": "c215c91c-278b-46c4-949d-fb8a54e8ea5e",
    "status": "STARTED",
    "userReference": {
            "link": "https://localhost/mgmt/shared/authz/users/admin"
    },
    "identityReferences": [{
            "link": "https://localhost/mgmt/shared/authz/users/admin"
    }],
    "ownerMachineId": "52cdf28c-da8b-43fa-a16d-d14b7aac53a2",
    "taskWorkerGeneration": 1,
    "generation": 1,
    "lastUpdateMicros": 1550018910966688,
    "kind": "cm:adc-core:tasks:certificate-management:certmgmttaskstate",
    "selfLink": "https://localhost/mgmt/cm/adc-core/tasks/certificate-management/c215c91c-278b-46c4-949d-fb8a54e8ea5e"
}

Send repeated GET requests to the task, using the task’s id, until status returns a value of FINISHED. For example, for this task:

GET https://192.0.2.242/mgmt/cm/adc-core/tasks/certificate-management/c215c91c-278b-46c4-949d-fb8a54e8ea5e

POST to associate a certificate

This example shows how to associate a file with an unmanaged certificate imported from a BIG-IP. You provide a file and a reference to the unmanaged certificate. BIG-IQ verifies the file, adds a file object, and completes the certificate by using a reference to the file object. This can enable the certificate to be deployed by the BIG-IQ.

To associate a certificate, send a POST request to the certificate-management collection. You can provide the certReference. The value of command in the body of the request is ASSOCIATE_CERT. You should first upload a copy of the file from your computer to testCert1.crt on the BIG-IQ using the File Uploads API.

POST https://192.0.2.242/mgmt/cm/adc-core/tasks/certificate-management

The JSON in the body of the POST can look similar to the following example.

{
    "command": "ASSOCIATE_CERT",
    "filePath": "/var/config/rest/downloads/testCert1.crt",
    "certReference": {
            "link": "https://localhost/mgmt/cm/adc-core/working-config/sys/file/ssl-cert/f9c055c8-4edd-318c-9c42-ea7f6467c16d"
    }
}

Response

The response to the POST can look similar to the following. Note that the body contains the value of the task’s id and an initial status of STARTED.

{
    "command": "ASSOCIATE_CERT",
    "filePath": "/var/config/rest/downloads/testCert1.crt",
    "certReference": {
            "link": "https://localhost/mgmt/cm/adc-core/working-config/sys/file/ssl-cert/f9c055c8-4edd-318c-9c42-ea7f6467c16d"
    },
    "id": "c215c91c-278b-46c4-949d-fb8a54e8ea5e",
    "status": "STARTED",
    "userReference": {
            "link": "https://localhost/mgmt/shared/authz/users/admin"
    },
    "identityReferences": [{
            "link": "https://localhost/mgmt/shared/authz/users/admin"
    }],
    "ownerMachineId": "52cdf28c-da8b-43fa-a16d-d14b7aac53a2",
    "taskWorkerGeneration": 1,
    "generation": 1,
    "lastUpdateMicros": 1550018910966688,
    "kind": "cm:adc-core:tasks:certificate-management:certmgmttaskstate",
    "selfLink": "https://localhost/mgmt/cm/adc-core/tasks/certificate-management/c215c91c-278b-46c4-949d-fb8a54e8ea5e"
}

Send repeated GET requests to the task, using the task’s id, until status returns a value of FINISHED. For example, for this task:

GET https://192.0.2.242/mgmt/cm/adc-core/tasks/certificate-management/c215c91c-278b-46c4-949d-fb8a54e8ea5e

POST to replace a certificate

This example shows how to replace an existing certificate using a file located on the BIG-IQ at /var/config/rest/downloads/. You provide the certReference for the existing certificate object. BIG-IQ adds a file object and replaces the existing certificate object.

To replace an existing certificate, send a POST request to the certificate-management collection. You can provide the certReference of the existing certificate. The value of command in the body of the request is REPLACE_CERT. BIG-IQ adds a file object and creates a new certificate object which references the file object. You should first upload a copy of the file from your computer to testCert1.crt on the BIG-IQ using the File Uploads API.

POST https://192.0.2.242/mgmt/cm/adc-core/tasks/certificate-management

The JSON in the body of the POST can look similar to the following example.

{
    "filePath": "/var/config/rest/downloads/testCert1.crt",
    "certReference": {
            "link": "https://localhost/mgmt/cm/adc-core/working-config/sys/file/ssl-cert/f9c055c8-4edd-318c-9c42-ea7f6467c16d"
    },
    "command": "REPLACE_CERT"
}

Response

The response to the POST can look similar to the following. Note that the body contains the value of the task’s id and an initial status of STARTED.

{
    "command": "REPLACE_CERT",
    "filePath": "/var/config/rest/downloads/testCert1.crt",
    "certReference": {
            "link": "https://localhost/mgmt/cm/adc-core/working-config/sys/file/ssl-cert/f9c055c8-4edd-318c-9c42-ea7f6467c16d"
    },
    "id": "6d41ad97-fd81-4319-83cd-71e2bfd7a2dc",
    "status": "STARTED",
    "userReference": {
            "link": "https://localhost/mgmt/shared/authz/users/admin"
    },
    "identityReferences": [{
            "link": "https://localhost/mgmt/shared/authz/users/admin"
    }],
    "ownerMachineId": "52cdf28c-da8b-43fa-a16d-d14b7aac53a2",
    "taskWorkerGeneration": 1,
    "generation": 1,
    "lastUpdateMicros": 1550019692002062,
    "kind": "cm:adc-core:tasks:certificate-management:certmgmttaskstate",
    "selfLink": "https://localhost/mgmt/cm/adc-core/tasks/certificate-management/6d41ad97-fd81-4319-83cd-71e2bfd7a2dc"
}

Send repeated GET requests to the task, using the task’s id, until status returns a value of FINISHED. For example, for this task:

GET https://192.0.2.242/mgmt/cm/adc-core/tasks/certificate-management/6d41ad97-fd81-4319-83cd-71e2bfd7a2dc

GET a list of all SSL management tasks

To get a list of all SSL management tasks, send a GET request to the collection.

GET /mgmt/cm/adc-core/tasks/certificate-management

Response

The response will contain an array of SSL management task objects which can look similar to the following example.

{
    "items": [{
                    "command": "GENERATE_CSR",
                    "commonName": "commonTestKey",
                    "country": "US",
                    "csrReference": {
                            "id": "f47783dd-a24b-3317-a1fa-a65f0ee7d073",
                            "name": "testKey.csr",
                            "kind": "cm:adc-core:working-config:sys:file:ssl-csr:adcsslcsrstate",
                            "partition": "Common",
                            "link": "https://localhost/mgmt/cm/adc-core/working-config/sys/file/ssl-csr/f47783dd-a24b-3317-a1fa-a65f0ee7d073"
                    },
                    "csrText": "csr text",
                    "durationInDays": 365,
                    "endDateTime": "2018-12-21T12:22:14.054-0800",
                    "filePath": "/var/config/rest/fileobject/971605be-6444-4aae-8885-f27fafe1e1f3/testKey.key",
                    "generation": 8,
                    "id": "ed1f5bb3-ecb5-4132-ac05-3c7be8037975",
                    "identityReferences": [{
                            "link": "https://localhost/mgmt/shared/authz/users/admin"
                    }],
                    "itemName": "testKey.csr",
                    "itemPartition": "Common",
                    "keyReference": {
                            "link": "https://localhost/mgmt/cm/adc-core/working-config/sys/file/ssl-key/8a630099-22f7-3bde-8aad-a4f9d2722171"
                    },
                    "kind": "cm:adc-core:tasks:certificate-management:certmgmttaskstate",
                    "lastUpdateMicros": 1545423734104858,
                    "ownerMachineId": "aeba46f0-4f70-4d2a-9c75-2e8153cc0e16",
                    "progress": "Finished",
                    "selfLink": "https://localhost/mgmt/cm/adc-core/tasks/certificate-management/ed1f5bb3-ecb5-4132-ac05-3c7be8037975",
                    "startDateTime": "2018-12-21T12:22:13.634-0800",
                    "status": "FINISHED",
                    "userReference": {
                            "link": "https://localhost/mgmt/shared/authz/users/admin"
                    },
                    "username": "admin"
            },
            {
                    "administratorEmail": "",
                    "certReference": {
                            "id": "38518b00-d03f-3f3d-915d-8cb7ed50bfa9",
                            "name": "testKey.crt",
                            "kind": "cm:adc-core:working-config:sys:file:ssl-cert:adcsslcertstate",
                            "partition": "Common",
                            "link": "https://localhost/mgmt/cm/adc-core/working-config/sys/file/ssl-cert/38518b00-d03f-3f3d-915d-8cb7ed50bfa9"
                    },
                    "command": "GENERATE_CERT",
                    "commonName": "commonTestKey",
                    "country": "US",
                    "durationInDays": 365,
                    "endDateTime": "2018-12-21T12:16:45.800-0800",
                    "filePath": "/tmp/cert-mgmt-1050666908027097303/testKey.crt",
                    "generation": 11,
                    "id": "dac6c7e4-759f-4ad7-9b3e-a42280c86727",
                    "identityReferences": [{
                            "link": "https://localhost/mgmt/shared/authz/users/admin"
                    }],
                    "itemName": "testKey.crt",
                    "itemPartition": "Common",
                    "keyReference": {
                            "id": "8a630099-22f7-3bde-8aad-a4f9d2722171",
                            "name": "testKey.key",
                            "kind": "cm:adc-core:working-config:sys:file:ssl-key:adcsslkeystate",
                            "partition": "Common",
                            "link": "https://localhost/mgmt/cm/adc-core/working-config/sys/file/ssl-key/8a630099-22f7-3bde-8aad-a4f9d2722171"
                    },
                    "keySize": 2048,
                    "keyType": "RSA",
                    "kind": "cm:adc-core:tasks:certificate-management:certmgmttaskstate",
                    "lastUpdateMicros": 1545423405850913,
                    "ownerMachineId": "aeba46f0-4f70-4d2a-9c75-2e8153cc0e16",
                    "progress": "Finished",
                    "selfLink": "https://localhost/mgmt/cm/adc-core/tasks/certificate-management/dac6c7e4-759f-4ad7-9b3e-a42280c86727",
                    "startDateTime": "2018-12-21T12:16:44.198-0800",
                    "status": "FINISHED",
                    "userReference": {
                            "link": "https://localhost/mgmt/shared/authz/users/admin"
                    },
                    "username": "admin"
            },
            {
                    "administratorEmail": "",
                    "certReference": {
                            "id": "8becfa1a-1a36-3b28-9110-a398ab7623d9",
                            "name": "gggg.crt",
                            "kind": "cm:adc-core:working-config:sys:file:ssl-cert:adcsslcertstate",
                            "partition": "Common",
                            "link": "https://localhost/mgmt/cm/adc-core/working-config/sys/file/ssl-cert/8becfa1a-1a36-3b28-9110-a398ab7623d9"
                    },
                    "command": "GENERATE_CERT",
                    "commonName": "fff",
                    "country": "US",
                    "durationInDays": 365,
                    "endDateTime": "2018-12-18T11:45:29.254-0800",
                    "filePath": "/tmp/cert-mgmt-4695789931197423608/gggg.crt",
                    "generation": 11,
                    "id": "e38528b1-5200-463a-b2ad-711496d3357b",
                    "identityReferences": [{
                            "link": "https://localhost/mgmt/shared/authz/users/admin"
                    }],
                    "itemName": "gggg.crt",
                    "itemPartition": "Common",
                    "keyReference": {
                            "id": "38fb265b-3ce9-3a32-ba54-f973ba6bfda4",
                            "name": "gggg.key",
                            "kind": "cm:adc-core:working-config:sys:file:ssl-key:adcsslkeystate",
                            "partition": "Common",
                            "link": "https://localhost/mgmt/cm/adc-core/working-config/sys/file/ssl-key/38fb265b-3ce9-3a32-ba54-f973ba6bfda4"
                    },
                    "keySize": 2048,
                    "keyType": "RSA",
                    "kind": "cm:adc-core:tasks:certificate-management:certmgmttaskstate",
                    "lastUpdateMicros": 1545162329304908,
                    "ownerMachineId": "aeba46f0-4f70-4d2a-9c75-2e8153cc0e16",
                    "progress": "Finished",
                    "selfLink": "https://localhost/mgmt/cm/adc-core/tasks/certificate-management/e38528b1-5200-463a-b2ad-711496d3357b",
                    "startDateTime": "2018-12-18T11:45:27.211-0800",
                    "status": "FINISHED",
                    "userReference": {
                            "link": "https://localhost/mgmt/shared/authz/users/admin"
                    },
                    "username": "admin"
            },
            {
                    "administratorEmail": "",
                    "certReference": {
                            "id": "9d1a9138-d391-3b59-8f5d-de0a77ccb8d1",
                            "name": "dddd.crt",
                            "kind": "cm:adc-core:working-config:sys:file:ssl-cert:adcsslcertstate",
                            "partition": "Common",
                            "link": "https://localhost/mgmt/cm/adc-core/working-config/sys/file/ssl-cert/9d1a9138-d391-3b59-8f5d-de0a77ccb8d1"
                    },
                    "command": "GENERATE_CERT",
                    "commonName": "ddd",
                    "country": "US",
                    "durationInDays": 365,
                    "endDateTime": "2018-12-21T12:15:17.889-0800",
                    "filePath": "/tmp/cert-mgmt-3393938973695976775/dddd.crt",
                    "generation": 11,
                    "id": "e66b038d-4022-4d56-9ca9-a61a0f03944f",
                    "identityReferences": [{
                            "link": "https://localhost/mgmt/shared/authz/users/admin"
                    }],
                    "itemName": "dddd.crt",
                    "itemPartition": "Common",
                    "keyReference": {
                            "id": "feee40f9-5928-3039-8da7-b474a749c60f",
                            "name": "dddd.key",
                            "kind": "cm:adc-core:working-config:sys:file:ssl-key:adcsslkeystate",
                            "partition": "Common",
                            "link": "https://localhost/mgmt/cm/adc-core/working-config/sys/file/ssl-key/feee40f9-5928-3039-8da7-b474a749c60f"
                    },
                    "keySize": 2048,
                    "keyType": "RSA",
                    "kind": "cm:adc-core:tasks:certificate-management:certmgmttaskstate",
                    "lastUpdateMicros": 1545423317939701,
                    "ownerMachineId": "aeba46f0-4f70-4d2a-9c75-2e8153cc0e16",
                    "progress": "Finished",
                    "selfLink": "https://localhost/mgmt/cm/adc-core/tasks/certificate-management/e66b038d-4022-4d56-9ca9-a61a0f03944f",
                    "startDateTime": "2018-12-21T12:15:16.307-0800",
                    "status": "FINISHED",
                    "userReference": {
                            "link": "https://localhost/mgmt/shared/authz/users/admin"
                    },
                    "username": "admin"
            }
    ],
    "generation": 42,
    "kind": "cm:adc-core:tasks:certificate-management:certmgmttaskcollectionstate",
    "lastUpdateMicros": 1545423734108138,
    "selfLink": "https://localhost/mgmt/cm/adc-core/tasks/certificate-management"
}