f5-declarative-onboarding icon indicating copy to clipboard operation
f5-declarative-onboarding copied to clipboard

Published 20 hours ago verified publisher icon F5Networks

Unable to update management certificate chain causing invalid certificates.

Open Pacobart opened this issue 3 years ago • 1 comments

Is your feature request related to a problem? Please describe.

We are trying to automate deployments of BIG-IP's in our environment. When using declarative onboarding, we are able to set the management certificate and privateKey but are unable to set the certificate chain.

Describe the solution you'd like

We'd like to pass the chain in order to make our connections to the server secure and not give browser warnings.

 {
    "schemaVersion": "1.0.0",
    "class": "Device",
    "Common": {
        "class": "Tenant",
        "hostname": "f5-bigip-pbb-a.gs.kount.com",
        "deviceCertificate": {
            "class": "DeviceCertificate",
            "certificate": {
                "base64": ""
            },
            "certificateChain": { <--new field
                "base64": ""
            },
            "privateKey": {
                "base64": ""
            }
        }
    }
}

Describe alternatives you've considered

I've tried using the terraform provider but the certificates show up in a partition, not the management section: https://registry.terraform.io/providers/F5Networks/bigip/latest/docs/resources/bigip_ssl_certificate Next, I will look into tmsh comands and authenticating using a shell script to update the certificate. This isn't desired long term.

Pacobart avatar Mar 24 '22 21:03 Pacobart

We're also interested in this feature. Using DO has caused me to have to change how we do validation for F5 APIs. Any chance of this making it to a release?

evanatuo avatar Aug 03 '23 13:08 evanatuo