Wyko
May 09, 2024

Certificate Automation and AS3

Hey everyone! 

 

At my company we have a policy that all private crypto objects must be generated on the target device and never leave it. I am creating a REST-based automation system for the LTM devices, and I am struggling to see how to achieve this using AS3. My desired workflow, from an external server running a Python script to send REST commands:

  1. Have the LTM generate a key and store it. This key may never leave the device.
  2. On the device, create a CSR.
  3. Get that CSR and read it from the script, which signs it. 
  4. Upload the signed cert to the device.
  5. Somehow incorporate this into or make it available for use by an AS3 declaration.

Any ideas?

Thanks!

2 Replies

  • Creating a REST-based automation system for LTM devices using AS3 while ensuring that private crypto objects are generated and remain on the target device is indeed a complex task. To make the certificate available for use by an AS3 declaration, you will need to reference the uploaded certificate in your AS3 JSON declaration. This involves specifying the certificate name and other relevant details within the AS3 declaration to associate it with the appropriate service or application. Once the key is generated, you can create a Certificate Signing Request (CSR) on the device using the REST API. ADPWorkforceNow

  • There is one small consequence of using AS3 - all SSL certs and keys which are not part of the declaration must be stored in the Common partition. If you're going to use multitenancy with partitions, this is quite a complication.
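
An added example, not part of the thread or of F5's own code: a Python sketch of step 5 that builds an AS3 declaration whose `Certificate` object only points at a cert and key already on the device (AS3 `bigip` pointers into `/Common`, as the second reply describes), plus a pre-send check that no private key material is carried in the declaration. The tenant, application, address and object names are constructed placeholders, and `build_declaration` and `policy_violations` are hypothetical helper names.

```python
PEM_PRIVATE_MARKER = "PRIVATE KEY-----"  # present in every PEM private-key header


def build_declaration(tenant, app, vip, cert_name, key_name):
    """Return an AS3 declaration that references on-box crypto objects by name."""
    return {
        "class": "AS3",
        "action": "deploy",
        "declaration": {
            "class": "ADC",
            "schemaVersion": "3.0.0",
            tenant: {
                "class": "Tenant",
                app: {
                    "class": "Application",
                    "template": "generic",
                    "vs": {"class": "Service_HTTPS", "virtualAddresses": [vip],
                           "serverTLS": "tls"},
                    "tls": {"class": "TLS_Server",
                            "certificates": [{"certificate": "cert"}]},
                    "cert": {
                        "class": "Certificate",
                        # Pointers only: objects created outside the declaration
                        # are looked up in /Common (see the second reply).
                        "certificate": {"bigip": f"/Common/{cert_name}"},
                        "privateKey": {"bigip": f"/Common/{key_name}"},
                    },
                },
            },
        },
    }


def policy_violations(node, path="$"):
    """Return JSON paths holding inline key material or a non-pointer privateKey."""
    found = []
    if isinstance(node, dict):
        for k, v in node.items():
            if k == "privateKey" and not (isinstance(v, dict) and set(v) == {"bigip"}):
                found.append(f"{path}.{k}")  # key must be a {"bigip": ...} pointer
                continue
            found += policy_violations(v, f"{path}.{k}")
    elif isinstance(node, list):
        for i, v in enumerate(node):
            found += policy_violations(v, f"{path}[{i}]")
    elif isinstance(node, str) and PEM_PRIVATE_MARKER in node:
        found.append(path)
    return found
```

Running `policy_violations` on every declaration before it is posted to the device gives the automation a hard stop if a template change ever starts embedding a key.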