使用 invoke-webrequest 将 crt 上传到 f5-ltm
upload crt to f5-ltm using invoke-webrequest
我正在尝试将 ssl 证书上传到 f5 REST API,但没有发现任何人使用 powershell 来执行此操作。我已经围绕这个使用 curl f5-Dev-central
的页面设置了 invoke-webrequest
f5 是:BIG-IP 13.1.1 Build 0.0.4 Final
我收到以下错误
Invoke-webrequest : {"code":400,"message":"Chunk byte count 8802 in Content-Range header different from received buffer length 162","originalRequestBody":
这是脚本的一部分:
....
#read the size of the file with the correct encoding
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))
$basicAuthValue = "Basic $encodedCreds"
$file = [IO.File]::ReadAllBytes($pathtofile)
$enc = [System.Text.Encoding]::GetEncoding("iso-8859-1")
$encodedfile = $enc.GetString($file)
#get range of bytes for entire file in start-end/total format
$range = "0-" + ($encodedfile.Length - 1) + "/" + $encodedfile.Length
#create parts for invoke-webrequest call
#create header json
$headers = @{"Content-Range" = $range; Authorization = $basicAuthValue}
$uri = "https://$bigip/mgmt/shared/file-transfer/bulk/uploads/$nameofcert.crt"
$params = @{'command'="install";'name'="$nameofcert";'from-local-file'=$pathtofile}
$json = $params | ConvertTo-Json
#run the invoke
Invoke-webrequest -Method POST -uri $uri -Headers $Headers -Body $json -ContentType 'application/json'
所以我的问题的标题是上传 crt - 我在 f5 上制作配置文件时仍然遇到问题,但我已经解决了上传文件的问题。
我遇到的另一部分是获取 f5 想要的正确格式的密钥和证书,所以我也会回顾一下我为此所做的工作
我从一个 .pfx 文件开始:(注意我在我的 windows 2016 服务器上安装了 openssl)
openssl pkcs12 -in d:\pathtocert.pfx -out d:\pathtocrtfile.crt -clcerts
openssl pkcs12 -in d:\pathtocert.pfx -out d:\pathtokey.key -nocerts
要将 PEM 中的 crt 转换为 DER 格式,您需要使用 x509 - 这是 f5 所必需的
openssl x509 -inform pem -in d:\pathtocrtfile.crt -outform der -out d:\pathtocrtfile.crt
好的,让我们在 f5 上获取文件(我将避免使用 ftp 或类似的东西 - 并且只利用 icontrol rest)
$site = 'donsTest' # hard coding the name for now / could be passed in as an arg
$year = get-date -UFormat "%Y"
$nameofcert = "$site-cer-$year"
$pair = 'f5user:password'
$pathtofile = 'd:\pathtocrtfile.crt'
$keypath = 'd:\pathtokey.key'
$nameofkey = "$site-key-$year"
$nameofprofile = "$site-ssl-$year"
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))
$basicAuthValue = "Basic $encodedCreds"
$bigip = 'iporURLTOF5'
####################################
# get crt file ready for upload
####################################
好的,让我们将此 crt 文件放入我们的 REST 调用body
$file = [IO.File]::ReadAllBytes($pathtofile)
$enc = [System.Text.Encoding]::GetEncoding("iso-8859-1")
$encodedfile = $enc.GetString($file)
$range = "0-" + ($encodedfile.Length - 1) + "/" + $encodedfile.Length # you need to calculate the size of this file to use in the REST Header
$headers = @{"Content-Range" = $range; Authorization = $basicAuthValue}
$uri = "https://$bigip/mgmt/shared/file-transfer/bulk/uploads/$nameofcert"
$uploadresult = Invoke-webrequest -Method POST -uri $uri -Headers $Headers -Body $encodedfile -ContentType 'application/json' | ConvertFrom-Json
$temppath = $uploadresult.localFilePath
现在文件已上传到 f5 - 我们需要将其作为证书安装在 f5 上
### Add new certificate on the f5 from the file you just uploaded
class cert
{
[string]$command
[string]$name
[string]$fromLocalFile
}
$cert = New-Object -TypeName cert
$cert.command = "install"
$cert.name = $nameofcert
$cert.fromLocalFile = $temppath
$body = $cert | ConvertTo-Json
$headers = @{Authorization = $basicAuthValue}
$url = "https://$bigip/mgmt/tm/sys/crypto/cert"
Invoke-WebRequest $url -method Post -Body $body -Headers $Headers -ContentType "application/json"
除了密钥 installurl 的 url 外,密钥是相同的过程
$url = "https://" + $bigip + "/mgmt/tm/sys/crypto/key"
Invoke-WebRequest $url -method Post -Body $body -Headers $Headers -ContentType "application/json" -Credential $credential | ConvertFrom-Json
我正在尝试将 ssl 证书上传到 f5 REST API,但没有发现任何人使用 powershell 来执行此操作。我已经围绕这个使用 curl f5-Dev-central
的页面设置了 invoke-webrequestf5 是:BIG-IP 13.1.1 Build 0.0.4 Final
我收到以下错误
Invoke-webrequest : {"code":400,"message":"Chunk byte count 8802 in Content-Range header different from received buffer length 162","originalRequestBody":
这是脚本的一部分:
....
#read the size of the file with the correct encoding
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))
$basicAuthValue = "Basic $encodedCreds"
$file = [IO.File]::ReadAllBytes($pathtofile)
$enc = [System.Text.Encoding]::GetEncoding("iso-8859-1")
$encodedfile = $enc.GetString($file)
#get range of bytes for entire file in start-end/total format
$range = "0-" + ($encodedfile.Length - 1) + "/" + $encodedfile.Length
#create parts for invoke-webrequest call
#create header json
$headers = @{"Content-Range" = $range; Authorization = $basicAuthValue}
$uri = "https://$bigip/mgmt/shared/file-transfer/bulk/uploads/$nameofcert.crt"
$params = @{'command'="install";'name'="$nameofcert";'from-local-file'=$pathtofile}
$json = $params | ConvertTo-Json
#run the invoke
Invoke-webrequest -Method POST -uri $uri -Headers $Headers -Body $json -ContentType 'application/json'
所以我的问题的标题是上传 crt - 我在 f5 上制作配置文件时仍然遇到问题,但我已经解决了上传文件的问题。
我遇到的另一部分是获取 f5 想要的正确格式的密钥和证书,所以我也会回顾一下我为此所做的工作
我从一个 .pfx 文件开始:(注意我在我的 windows 2016 服务器上安装了 openssl)
openssl pkcs12 -in d:\pathtocert.pfx -out d:\pathtocrtfile.crt -clcerts
openssl pkcs12 -in d:\pathtocert.pfx -out d:\pathtokey.key -nocerts
要将 PEM 中的 crt 转换为 DER 格式,您需要使用 x509 - 这是 f5 所必需的
openssl x509 -inform pem -in d:\pathtocrtfile.crt -outform der -out d:\pathtocrtfile.crt
好的,让我们在 f5 上获取文件(我将避免使用 ftp 或类似的东西 - 并且只利用 icontrol rest)
$site = 'donsTest' # hard coding the name for now / could be passed in as an arg
$year = get-date -UFormat "%Y"
$nameofcert = "$site-cer-$year"
$pair = 'f5user:password'
$pathtofile = 'd:\pathtocrtfile.crt'
$keypath = 'd:\pathtokey.key'
$nameofkey = "$site-key-$year"
$nameofprofile = "$site-ssl-$year"
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))
$basicAuthValue = "Basic $encodedCreds"
$bigip = 'iporURLTOF5'
####################################
# get crt file ready for upload
####################################
好的,让我们将此 crt 文件放入我们的 REST 调用body
$file = [IO.File]::ReadAllBytes($pathtofile)
$enc = [System.Text.Encoding]::GetEncoding("iso-8859-1")
$encodedfile = $enc.GetString($file)
$range = "0-" + ($encodedfile.Length - 1) + "/" + $encodedfile.Length # you need to calculate the size of this file to use in the REST Header
$headers = @{"Content-Range" = $range; Authorization = $basicAuthValue}
$uri = "https://$bigip/mgmt/shared/file-transfer/bulk/uploads/$nameofcert"
$uploadresult = Invoke-webrequest -Method POST -uri $uri -Headers $Headers -Body $encodedfile -ContentType 'application/json' | ConvertFrom-Json
$temppath = $uploadresult.localFilePath
现在文件已上传到 f5 - 我们需要将其作为证书安装在 f5 上
### Add new certificate on the f5 from the file you just uploaded
class cert
{
[string]$command
[string]$name
[string]$fromLocalFile
}
$cert = New-Object -TypeName cert
$cert.command = "install"
$cert.name = $nameofcert
$cert.fromLocalFile = $temppath
$body = $cert | ConvertTo-Json
$headers = @{Authorization = $basicAuthValue}
$url = "https://$bigip/mgmt/tm/sys/crypto/cert"
Invoke-WebRequest $url -method Post -Body $body -Headers $Headers -ContentType "application/json"
除了密钥 installurl 的 url 外,密钥是相同的过程
$url = "https://" + $bigip + "/mgmt/tm/sys/crypto/key"
Invoke-WebRequest $url -method Post -Body $body -Headers $Headers -ContentType "application/json" -Credential $credential | ConvertFrom-Json