My goal: to upload my ssl cert, create a ssl-client profile for my virtual server to use…
So with a lot of digging through old posts and guessing at icontrol rest documentation meaning : I was able to my .pfx file from my locally installed computer - to a .crt and .key uploaded to the f5 ltm (BIG-IP 13.1.1 Build 0.0.4 Final) they show up in the gui like this: (sorry i can't upload an image)
Side note / question: in the past my manual process for setting up ssl-client profiles is using the gui to install the pfx directly - this makes the ssl certificate have both the certificate and key associated with each other:
$params = @{"name"="$nameofprofile";"key"="/Common/$nameofkey";"cert"="/Common/$nameofcert.crt";}
$json = $params | convertto-json
$headers = @{Authorization = $basicAuthValue}
$url = "https://$bigip/mgmt/tm/ltm/profile/client-ssl"
Invoke-WebRequest $url -Method POST -Headers $Headers -Body $json -ContentType "application/json"
This is returning the following error:
Invoke-WebRequest : {"code":400,"message":"010717e3:3: Client SSL profile (/Common/donsTest-ssl-2019): must have RSA certificate/key pair.","errorStack":[],"apiError":3}
Again I am not looking for powershell help (if you can that is great) but if you can help me understand the icontrol rest needed for this process:
I had found this page: https://devcentral.f5.com/wiki/iControlREST.APIRef_tm_ltm_profile_client-ssl.ashx
That says the way above is deprecated:
DEPRECATED - use cert-key-chain option instead.
But I have found no one using this /cert-key-chain array
Perhaps that is the secret?