F5Networks / f5-declarative-onboarding

F5 BIG-IP Declarative Onboarding
Apache License 2.0

Unable to update management certificate chain causing invalid certificates. #299

Open Pacobart opened 2 years ago

Pacobart commented 2 years ago

Is your feature request related to a problem? Please describe.

We are trying to automate deployments of BIG-IPs in our environment. When using declarative onboarding, we are able to set the management certificate and privateKey but are unable to set the certificate chain.

Describe the solution you'd like

We'd like to pass the chain in order to make our connections to the server secure and not give browser warnings.

{
    "schemaVersion": "1.0.0",
    "class": "Device",
    "Common": {
        "class": "Tenant",
        "hostname": "f5-bigip-pbb-a.gs.kount.com",
        "deviceCertificate": {
            "class": "DeviceCertificate",
            "certificate": {
                "base64": ""
            },
            "certificateChain": { <--new field
                "base64": ""
            },
            "privateKey": {
                "base64": ""
            }
        }
    }
}

Describe alternatives you've considered

I've tried using the Terraform provider but the certificates show up in a partition, not the management section: https://registry.terraform.io/providers/F5Networks/bigip/latest/docs/resources/bigip_ssl_certificate

Next, I will look into tmsh commands and authenticating using a shell script to update the certificate. This isn't desired long term.

evanatuo commented 1 year ago

We're also interested in this feature. Using DO has caused me to have to change how we do validation for F5 APIs. Any chance of this making it to a release?