terraform-provider-bigip icon indicating copy to clipboard operation
terraform-provider-bigip copied to clipboard

Published 20 hours ago verified publisher icon F5Networks

In Our WAF architecture we need to configure the traffic certificates from the System menu

Open rakotkar0608 opened this issue 3 years ago • 4 comments

In Our WAF architecture we need to configure the traffic certificates from the System menu

We are automating the F5 WAF configuration using terraform. We need to assign device and traffic certificates to WA but we are using tmsh commands in bigip_command resource type to perform certificate related activities as there are no Terraform F5 resource types to perform certificate related activities. Please help to create BIGIP terraform resource type to perform below waf certificates related activities.

  • Resources type to add certificate
  • Resources type to add certificate key
  • Resources type to add cert chain
  • Resources type to add traffic-certs

rakotkar0608 avatar Sep 16 '22 08:09 rakotkar0608

@rakotkar0608 Are you referring to SSL certs for virtual Servers? If yes, have you tried the below resources

https://registry.terraform.io/providers/F5Networks/bigip/latest/docs/resources/bigip_ssl_certificate https://registry.terraform.io/providers/F5Networks/bigip/latest/docs/resources/bigip_ssl_key

anesh avatar Sep 19 '22 20:09 anesh

@rakotkar0608 as suggested by @anesh did u try ?

RavinderReddyF5 avatar Sep 27 '22 08:09 RavinderReddyF5

we are checking it and let you know

rakotkar0608 avatar Sep 27 '22 08:09 rakotkar0608

We have these 2 providers that are working to configure traffic certificates and keys. We want provider to configure device certificates and keys (self sign certificates for WAF FQDN).

rakotkar0608 avatar Sep 29 '22 06:09 rakotkar0608

Hi, please try DO: https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/ and https://clouddocs.f5.com/products/orchestration/ansible/devel/f5_bigip/modules_2_0/bigip_as3_deploy_module.html#bigip-as3-deploy-module-2

Closing this request now. Please re-open if required or send an email to [[email protected]](mailto:[email protected]). Thanks!

KrithikaChidambaram avatar Feb 21 '23 12:02 KrithikaChidambaram

Hi @rakotkar0608,

Just to confirm "Resources type to add traffic-certs" is traffic certificate and key and not device? If yes, we already have the resources: https://registry.terraform.io/providers/F5Networks/bigip/latest/docs/resources/bigip_ssl_certificate

pgouband avatar Sep 13 '23 16:09 pgouband

Hi @rakotkar0608,

In order to configure device certificates and keys , we can use DO resource: https://registry.terraform.io/providers/F5Networks/bigip/latest/docs/resources/bigip_do

For example below is the Declaration for updating Device Certificate:

{ "schemaVersion": "1.0.0", "class": "Device", "Common": { "class": "Tenant", "hostname": "bigip.example.com", "deviceCertificate": { "class": "DeviceCertificate", "certificate": { "base64": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCkY1IEZBS0UgQ0VSVElGSUNBVEUKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==" }, "privateKey": { "base64": "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpGNSBGQUtFIFBSSVZBVEUgS0VZCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0t" } } } }

prateekramani avatar Dec 12 '23 08:12 prateekramani