diff --git a/.github/workflows/keyfactor-bootstrap-workflow.yml b/.github/workflows/keyfactor-starter-workflow.yml
similarity index 73%
rename from .github/workflows/keyfactor-bootstrap-workflow.yml
rename to .github/workflows/keyfactor-starter-workflow.yml
index 6d8de53..61ea7a0 100644
--- a/.github/workflows/keyfactor-bootstrap-workflow.yml
+++ b/.github/workflows/keyfactor-starter-workflow.yml
@@ -1,4 +1,4 @@
-name: Keyfactor Bootstrap Workflow
+name: Keyfactor Bootstrap Workflow
 on:
 workflow_dispatch:
@@ -11,9 +11,10 @@ on:
 jobs:
 call-starter-workflow:
- uses: keyfactor/actions/.github/workflows/starter.yml@v2
+ uses: keyfactor/actions/.github/workflows/starter.yml@3.1.2
 secrets:
 token: ${{ secrets.V2BUILDTOKEN}}
 APPROVE_README_PUSH: ${{ secrets.APPROVE_README_PUSH}}
 gpg_key: ${{ secrets.KF_GPG_PRIVATE_KEY }}
 gpg_pass: ${{ secrets.KF_GPG_PASSPHRASE }}
+ scan_token: ${{ secrets.SAST_TOKEN }}
diff --git a/F5WafOrchestrator.sln b/F5WafOrchestrator.sln
index 6d9f3f1..d5e7da0 100644
--- a/F5WafOrchestrator.sln
+++ b/F5WafOrchestrator.sln
@@ -1,8 +1,9 @@
 Microsoft Visual Studio Solution File, Format Version 12.00
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "F5WafOrchestrator", "F5WafOrchestrator\F5WafOrchestrator.csproj", "{3645725A-2C84-4536-9A04-4F4CEDF30B21}"
-EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "F5WafOrchestrator.Tests", "F5WafOrchestrator.Tests\F5WafOrchestrator.Tests.csproj", "{E53E4095-667E-4F26-B596-28DC0E5CEEED}"
+# Visual Studio Version 17
+VisualStudioVersion = 17.11.35312.102
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "F5WafOrchestrator", "F5WafOrchestrator\F5WafOrchestrator.csproj", "{3645725A-2C84-4536-9A04-4F4CEDF30B21}"
 EndProject
 Global
 GlobalSection(SolutionConfigurationPlatforms) = preSolution
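Review bot: The reusable workflow on the `uses:` line is still referenced by a mutable tag (`@3.1.2` replacing `@v2`), and a tag can be moved after the fact; for supply-chain integrity pin it to the full commit SHA of that release and keep the version in a trailing comment, e.g. `uses: keyfactor/actions/.github/workflows/starter.yml@<commit-sha-of-3.1.2> # 3.1.2`. The same applies to any future bump of this line. The first hunk removes and re-adds an identical `name:` line, which looks like a line-ending or trailing-whitespace change rather than a content edit, so it may be worth normalising the file's line endings once rather than carrying that noise.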
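Review bot: Both solution hunks drop the `F5WafOrchestrator.Tests` project (`{E53E4095-667E-4F26-B596-28DC0E5CEEED}`) from the .sln, so `dotnet build` or `dotnet test` against the solution will no longer compile or run those tests. Nothing visible in this diff deletes the test project itself; if it still exists in the repository it should stay in the solution, migrated to the same project-type GUID now used for the main project, and if it was intentionally retired the commit message should say so. The second hunk continues in the next line of this diff.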
@@ -12,12 +13,11 @@ Global
 GlobalSection(ProjectConfigurationPlatforms) = postSolution
 {3645725A-2C84-4536-9A04-4F4CEDF30B21}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 {3645725A-2C84-4536-9A04-4F4CEDF30B21}.Debug|Any CPU.Build.0 = Debug|Any CPU
+ {3645725A-2C84-4536-9A04-4F4CEDF30B21}.Debug|Any CPU.Deploy.0 = Debug|Any CPU
 {3645725A-2C84-4536-9A04-4F4CEDF30B21}.Release|Any CPU.ActiveCfg = Release|Any CPU
 {3645725A-2C84-4536-9A04-4F4CEDF30B21}.Release|Any CPU.Build.0 = Release|Any CPU
- {3645725A-2C84-4536-9A04-4F4CEDF30B21}.Debug|Any CPU.Deploy.0 = Debug|Any CPU
- {E53E4095-667E-4F26-B596-28DC0E5CEEED}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
- {E53E4095-667E-4F26-B596-28DC0E5CEEED}.Debug|Any CPU.Build.0 = Debug|Any CPU
- {E53E4095-667E-4F26-B596-28DC0E5CEEED}.Release|Any CPU.ActiveCfg = Release|Any CPU
- {E53E4095-667E-4F26-B596-28DC0E5CEEED}.Release|Any CPU.Build.0 = Release|Any CPU
+ EndGlobalSection
+ GlobalSection(SolutionProperties) = preSolution
+ HideSolutionNode = FALSE
 EndGlobalSection
 EndGlobal
diff --git a/F5WafOrchestrator/CA/Discovery.cs b/F5WafOrchestrator/CA/Discovery.cs
index 1f52c0b..9a04d51 100644
--- a/F5WafOrchestrator/CA/Discovery.cs
+++ b/F5WafOrchestrator/CA/Discovery.cs
@@ -18,6 +18,10 @@
 using Keyfactor.Orchestrators.Extensions;
 using Microsoft.Extensions.Logging;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+
 namespace Keyfactor.Extensions.Orchestrator.F5WafOrchestrator.CA;
 public class Discovery : Job, IDiscoveryJobExtension
diff --git a/F5WafOrchestrator/CA/Inventory.cs b/F5WafOrchestrator/CA/Inventory.cs
index 7a4a388..780c086 100644
--- a/F5WafOrchestrator/CA/Inventory.cs
+++ b/F5WafOrchestrator/CA/Inventory.cs
@@ -18,6 +18,10 @@
 using Keyfactor.Orchestrators.Extensions;
 using Microsoft.Extensions.Logging;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+
 namespace Keyfactor.Extensions.Orchestrator.F5WafOrchestrator.CA;
 public class Inventory : Job, IInventoryJobExtension
diff --git a/F5WafOrchestrator/CA/Management.cs b/F5WafOrchestrator/CA/Management.cs
index 43db82b..c16609d 100644
--- a/F5WafOrchestrator/CA/Management.cs
+++ b/F5WafOrchestrator/CA/Management.cs
@@ -18,6 +18,8 @@
 using Keyfactor.Orchestrators.Extensions;
 using Microsoft.Extensions.Logging;
+using System;
+
 namespace Keyfactor.Extensions.Orchestrator.F5WafOrchestrator.CA;
 public class Management : Job, IManagementJobExtension
diff --git a/F5WafOrchestrator/F5WafClient.cs b/F5WafOrchestrator/F5WafClient.cs
index f017abe..a10de07 100644
--- a/F5WafOrchestrator/F5WafClient.cs
+++ b/F5WafOrchestrator/F5WafClient.cs
@@ -12,6 +12,10 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
+using System;
+using System.IO;
+using System.Linq;
+using System.Collections.Generic;
 using System.Net.Http.Headers;
 using System.Text;
 using System.Text.Json;
@@ -24,8 +28,7 @@
 using Newtonsoft.Json.Linq;
 using Org.BouncyCastle.Pkcs;
 using System.Net;
-using Org.BouncyCastle.Asn1.Ocsp;
-using System.Xml.Linq;
+using System.Net.Http;
 namespace Keyfactor.Extensions.Orchestrator.F5WafOrchestrator.Client;
diff --git a/F5WafOrchestrator/F5WafOrchestrator.csproj b/F5WafOrchestrator/F5WafOrchestrator.csproj
index e2ce2df..84d1728 100644
--- a/F5WafOrchestrator/F5WafOrchestrator.csproj
+++ b/F5WafOrchestrator/F5WafOrchestrator.csproj
@@ -1,13 +1,10 @@ - false - net6.0 - true - enable - enable - Keyfactor.Extensions.Orchestrator.F5WafOrchestrator - latest + true + net6.0;net8.0 + true + disable
@@ -19,31 +16,10 @@ - - Always - - - ..\..\..\..\..\..\Program Files\Keyfactor\Keyfactor Orchestrator\BouncyCastle.Crypto.dll - - - - - - - $(BaseOutputPath) - false - false - - - - - - - - -
diff --git a/F5WafOrchestrator/TLS/Discovery.cs b/F5WafOrchestrator/TLS/Discovery.cs
index f0306cf..0f006ee 100644
--- a/F5WafOrchestrator/TLS/Discovery.cs
+++ b/F5WafOrchestrator/TLS/Discovery.cs
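Review bot: The new `using` block in F5WafClient.cs's first hunk is not sorted — `System.Collections.Generic` comes after `System.Linq` — and the second hunk appends `using System.Net.Http;` after `Org.BouncyCastle.Pkcs`/`System.Net` rather than with the `System.*` group at the top of the file. Keep the `System.*` directives alphabetical and grouped first (`dotnet format` applies this), which also makes the now-explicit usings easy to audit when implicit usings are off. The same ordering point applies to TLS/Inventory.cs further down, where the new `System` group is introduced by a stray blank line after `using Microsoft.Extensions.Logging;` and lands between the `Microsoft.*` and `System.Text.RegularExpressions` lines.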
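Review bot: One of the two removed `enable` settings in the csproj's first hunk appears to have no replacement — the element names were lost in extraction, but the `using System;` additions across the job classes indicate `ImplicitUsings` is the setting now `disable`d, which leaves the other (plausibly `<Nullable>enable</Nullable>`) simply dropped alongside the `net6.0;net8.0` multi-target change. If that is what happened, nullable reference-type analysis is silently switched off for the whole project; keep `<Nullable>enable</Nullable>` in the new property group unless the build genuinely needs it off, and say so in the commit message if it does. The second hunk removes the machine-relative reference to `..\..\..\..\..\..\Program Files\Keyfactor\Keyfactor Orchestrator\BouncyCastle.Crypto.dll`, which is the right direction, but the replacement package reference is not visible here, so confirm BouncyCastle resolves from a package on both target frameworks.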
@@ -18,6 +18,10 @@
 using Keyfactor.Orchestrators.Extensions;
 using Microsoft.Extensions.Logging;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+
 namespace Keyfactor.Extensions.Orchestrator.F5WafOrchestrator.TLS;
 public class Discovery : Job, IDiscoveryJobExtension
diff --git a/F5WafOrchestrator/TLS/Inventory.cs b/F5WafOrchestrator/TLS/Inventory.cs
index d75c47c..8cbe16a 100644
--- a/F5WafOrchestrator/TLS/Inventory.cs
+++ b/F5WafOrchestrator/TLS/Inventory.cs
@@ -17,6 +17,10 @@
 using Keyfactor.Orchestrators.Common.Enums;
 using Keyfactor.Orchestrators.Extensions;
 using Microsoft.Extensions.Logging;
+
+using System;
+using System.Collections.Generic;
+using System.Linq;
 using System.Text.RegularExpressions;
 namespace Keyfactor.Extensions.Orchestrator.F5WafOrchestrator.TLS;
diff --git a/F5WafOrchestrator/TLS/Management.cs b/F5WafOrchestrator/TLS/Management.cs
index 076df2b..1220dc4 100644
--- a/F5WafOrchestrator/TLS/Management.cs
+++ b/F5WafOrchestrator/TLS/Management.cs
@@ -18,6 +18,8 @@
 using Keyfactor.Orchestrators.Extensions;
 using Microsoft.Extensions.Logging;
+using System;
+
 namespace Keyfactor.Extensions.Orchestrator.F5WafOrchestrator.TLS;
 public class Management : Job, IManagementJobExtension
diff --git a/docsource/content.md b/docsource/content.md
new file mode 100644
index 0000000..d4342a4
--- /dev/null
+++ b/docsource/content.md
@@ -0,0 +1,19 @@
+## Overview
+
+The Fortigate Orchestrator Extension supports the following use cases:
+1. Inventory of local user and factory cerificates
+2. Ability to add new local certificates
+3. Ability to renew **unbound** local user certificates
+4. Ability to delete **unbound** local user certificates
+
+The Fortigate Orchestrator Extension DOES NOT support the following use cases:
+1. The renewal or removal of certificates enrolled through the internal Fortigate CA
+2. The renewal or removal of factory certificates
+3. The renewal or removal of ANY certificate bound to a Fortigate object
+4. Certificate enrollment using the internal Fortigate CA (Keyfactor's "reenrollment" or "on device key generation" use case)
+
+
+## Requirements
+
+The Fortigate Orchestrator Extension requires an API token be created in the Fortigate environment being managed. Please review the following [instructions](https://docs.fortinet.com/document/forticonverter/7.0.1/online-help/866905/connect-fortigate-device-via-api-token) for creating an API token to be used in this integration.
+
diff --git a/docsource/f5wafTls.md b/docsource/f5wafTls.md
new file mode 100644
index 0000000..ed37e8e
--- /dev/null
+++ b/docsource/f5wafTls.md
@@ -0,0 +1 @@
+## Overview
diff --git a/integration-manifest.json b/integration-manifest.json
index 7cd4ebc..363a0b2 100644
--- a/integration-manifest.json
+++ b/integration-manifest.json
@@ -6,6 +6,7 @@
 "link_github": true,
 "update_catalog": true,
 "release_dir": "F5WafOrchestrator/bin/Release",
+ "release_project": "F5WafOrchestrator/F5WafOrchestrator.csproj",
 "support_level": "kf-supported",
 "description": "The F5 WAF Orchestrator is an extension to the Keyfactor Universal Orchestrator. It Integrates with Multi-Cloud App Connect, which is F5 Distributed Cloud's service for connecting apps across clouds and within on premise installationss using load balancers. The purpose of the F5 WAF orchestrator is to manage the TLS and CA Root certificates. The TLS certificates may be bound to load balancers. The orchestrator facilitates the inventory, addition, renewal, and removal of these certificates as well as the discovery of namespaces (certificate stores) within the F5 Multi-Cloud App Connect instance.",
 "about": {
@@ -13,26 +14,8 @@
 "UOFramework": "10.4.1",
 "pam_support": true,
 "keyfactor_platform_version": "9.10",
- "win": {
- "supportsCreateStore": false,
- "supportsDiscovery": true,
- "supportsManagementAdd": true,
- "supportsManagementRemove": true,
- "supportsReenrollment": false,
- "supportsInventory": true,
- "platformSupport": "Unused"
- },
- "linux": {
- "supportsCreateStore": false,
- "supportsDiscovery": true,
- "supportsManagementAdd": true,
- "supportsManagementRemove": true,
- "supportsReenrollment": false,
- "supportsInventory": true,
- "platformSupport": "Unused"
- },
- "store_types": {
- "f5WafTls": {
+ "store_types": [
+ {
 "Name": "F5 WAF TLS",
 "ShortName": "f5WafTls",
 "Capability": "f5WafTls",
@@ -57,7 +40,7 @@
 "BlueprintAllowed": true,
 "CustomAliasAllowed": "Required"
 },
- "f5WafCa": {
+ {
 "Name": "F5 WAF CA",
 "ShortName": "f5WafCa",
 "Capability": "f5WafCa",
@@ -68,7 +51,28 @@
 "Enrollment": false,
 "Remove": true
 },
- "Properties": [],
+ "Properties": [
+ {
+ "Name": "ServerUsername",
+ "DisplayName": "Server Username",
+ "Type": "Secret",
+ "DependsOn": "",
+ "DefaultValue": "",
+ "Required": false,
+ "IsPAMEligible": true,
+ "Description": "A username (or valid PAM key if the username is stored in a KF Command configured PAM integration). If acting as an *agent* using local file access, just check *No Value*"
+ },
+ {
+ "Name": "ServerPassword",
+ "DisplayName": "Server Password",
+ "Type": "Secret",
+ "DependsOn": "",
+ "DefaultValue": "",
+ "Required": false,
+ "IsPAMEligible": true,
+ "Description": "A password (or valid PAM key if the password is stored in a KF Command configured PAM integration). The password can also be an SSH private key if connecting via SSH to a server using SSH private key authentication. If acting as an *agent* using local file access, just check *No Value*"
+ }
+ ],
 "EntryParameters": [],
 "PasswordOptions": {
 "EntrySupported": false,
@@ -82,7 +86,7 @@
 "BlueprintAllowed": true,
 "CustomAliasAllowed": "Required"
 }
- }
+ ]
 }
 }
 }
diff --git a/readme-src/readme-pam-support.md b/readme-src/readme-pam-support.md
deleted file mode 100644
index afa937b..0000000
--- a/readme-src/readme-pam-support.md
+++ /dev/null
@@ -1,5 +0,0 @@
-|Name|Description|
-|----|-----------|
-|ServerUsername|The user id that will be used to authenticate to the F5 WAF API endpoints|
-|ServerPassword|The API token that will be used to authenticate to the F5 WAF API endpoints|
-
diff --git a/readme_source.md b/readme_source.md
deleted file mode 100644
index bacb491..0000000
--- a/readme_source.md
+++ /dev/null
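Review bot: The `Description` on the new `ServerPassword` property does not describe this integration — it talks about an SSH private key and "acting as an *agent* using local file access", neither of which applies to an API-token login to F5 Distributed Cloud, and the `ServerUsername` description carries the same agent/local-file clause. The `readme-src/readme-pam-support.md` deleted further down in this diff states the fields accurately, so reuse that wording: `"Description": "The user id that will be used to authenticate to the F5 WAF API endpoints"` and `"Description": "The API token that will be used to authenticate to the F5 WAF API endpoints"`. Both properties are `"Required": false` even though the orchestrator authenticates with them; confirm that is intentional for the PAM-resolved case rather than a copy-paste default. Only the `f5WafCa` entry gains these properties in this hunk — the `f5WafTls` entry's `Properties` block is outside the diff, so check it carries the same two entries.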
@@ -1,173 +0,0 @@ -## Overview -The F5 WAF Orchestrator extension remotely manages TLS and CA Root certificates uploaded to F5 Distributed Multi-Cloud App Connect, which is the F5 platform that manages WAF services. Certificates bound to Http Load Balancers within Multi-Cloud App Connect can be renewed/replaced, but they cannot be removed. Certificate store types f5WafTls and f5WafCa are used to manage stores containing TLS and CA Root certificates, respectively. - -
-f5WafTls - -The f5WafTls certificate store type is used to manage F5 Distributed Multi-Cloud App Connect TLS certificates. - -Use cases supported: -1. Discovery of TLS stores. Discovery for F5 WAF returns any discoverable namespaces in the F5 WAF instance. -2. Inventory of a TLS store. All TLS certificates, bound or unbound, within a namespace will be returned to Keyfactor Command. -3. Management-Add. Add a new certificate or renew an existing one. Renew will work for both bound and unbound certificates. All existing binding will remain in place, bound to the same alias with the newly replaced/renewed certificate. -4. Management-Delete. Remove an existing certificate. Will only work for unbound certificates. - -
- -
-f5WafCa - -The f5WafCa certificate store type is used to manage F5 Distributed Multi-Cloud App Connect CA Root certificates. - -Use cases supported: -1. Discovery of TLS stores. Discovery for F5 WAF returns any discoverable namespaces in the F5 WAF instance. -2. Inventory of a TLS store. All CA Root certificates within a namespace will be returned to Keyfactor Command. -3. Management-Add. Add a new certificate or renew an existing one. -4. Management-Delete. Remove an existing certificate. Please note, for CA Root certicates, deleting an existing certificate will replace ALL instances of the same certificate and not only the one represented by the intended alias. This is an F5 WAF feature that the integration has no control over. - -
- - -## F5 WAF Orchestrator Extension Installation - -1. Refer to the [Creating Certificate Store Types](#creating-certificate-store-types) section to create the certificate store types you wish to manage. -2. Stop the Keyfactor Universal Orchestrator Service on the server you plan to install this extension to run on. -3. In the Keyfactor Orchestrator installation folder (by convention usually C:\Program Files\Keyfactor\Keyfactor Orchestrator for a Windows install or /opt/keyfactor/orchestrator/ for a Linux install), find the "Extensions" folder. Underneath that, create a new folder named "F5Waf". You may choose to use a different name if you wish. -4. Download the latest version of the F5 WAF orchestrator extension from [GitHub](https://github.com/Keyfactor/f5-waf-orchestrator). Click on the "Latest" release link on the right hand side of the main page and download the first zip file. -5. Copy the contents of the download installation zip file to the folder created in step 3. -6. (Optional) If you decide to create one or more certificate store types with short names different than the suggested values, edit the manifest.json file in the folder you created in step 3, and modify each "ShortName" in each "Certstores.{ShortName}.{Operation}" line with the ShortName you used to create the respective certificate store type. -7. Start the Keyfactor Universal Orchestrator Service. - - -## Creating Certificate Store Types - -Below are the two certificate store types that the F5 WAF Orchestator Extension manages. To create a new Certificate Store Type in Keyfactor Command, first click on settings (the gear icon on the top right) => Certificate Store Types => Add. Next, follow the instructions under each store type you wish to set up. - -
-f5WafTls - TLS certificates in a namespace - -- Basic Tab: - - - **Name** – Required. The display name you wish to use for the new Certificate Store Type. - - **Short Name** – Required. Suggested value - **f5WafTls**. If you choose to use a different value you must make the corresponding modification to the manifest.json file. See [F5 WAF Orchestrator Extension Installation](#f5-waf-orchestrator-extension-installation), step 6 above. - - **Custom Capability** - Unchecked - - **Supported Job Types** - Inventory, Add, Remove, and Discovery should all be checked. - - **Needs Server** - Checked - - **Blueprint Allowed** - Checked if you wish to make use of blueprinting. Please refer to the Keyfactor Command Reference Guide for more details on this feature. - - **Uses PowerShell** - Unchecked - - **Requires Store Password** - Unchecked - - **Supports Entry Password** - Unchecked - -- Advanced Tab: - - - **Store Path Type** - Freeform - - **Supports Custom Alias** - Required. - - **Private Key Handling** - Required. - - **PFX Password Style** - Default - -- Custom Fields Tab: - - - no additional custom fields - -- Entry Parameters Tab: - - - no additional entry parameters - -
- -
-f5WafCa - CA Root certificates in a namespace - -- Basic Tab: - - - **Name** – Required. The display name you wish to use for the new Certificate Store Type. - - **Short Name** – Required. Suggested value - **f5WafCa**. If you choose to use a different value you must make the corresponding modification to the manifest.json file. See [F5 WAF Orchestrator Extension Installation](#f5-waf-orchestrator-extension-installation), step 6 above. - - **Custom Capability** - Unchecked - - **Supported Job Types** - Inventory, Add, Remove, and Discovery should all be checked. - - **Needs Server** - Checked - - **Blueprint Allowed** - Checked if you wish to make use of blueprinting. Please refer to the Keyfactor Command Reference Guide for more details on this feature. - - **Uses PowerShell** - Unchecked - - **Requires Store Password** - Unchecked - - **Supports Entry Password** - Unchecked - -- Advanced Tab: - - - **Store Path Type** - Freeform - - **Supports Custom Alias** - Required. - - **Private Key Handling** - Forbidden. - - **PFX Password Style** - Default - -- Custom Fields Tab: - - - no additional custom fields - -- Entry Parameters Tab: - - - no additional entry parameters - -
- - -## Creating Certificate Stores and Scheduling Discovery Jobs - -When creating new certificate stores or scheduling discovery jobs in Keyfactor Command, there are a few fields that are important to highlight here: - -
-Certificate Stores - -The following table describes the required and optional fields for the `f5WafTls` and `f5WafCa` certificate store types when creating a certificate store. - -In Keyfactor Command, navigate to Certificate Stores from the Locations Menu. Click the Add button to create a new Certificate Store. - -| Attribute | Description | -| --------- |------------------------------------------------------------------------------------------------------------------------------------------------| -| Category | Select either f5WafTls or f5WafCa depending on whether you want to manage TLS certificates or Root CA certificates. | -| Container | Optional container to associate certificate store with. | -| Client Machine | The URL for the F5 Distributed Cloud instance (typically ending in '.console.ves.volterra.io'). | -| Store Path | The Multi-Cloud App Connect namespace containing the certificates you wish to manage. | -| Orchestrator | Select an approved orchestrator capable of managing F5 WAF certificates. Specifically, one with the f5WafTls and f5WafCa capabilities. | -| Server Username | The username used to log in to the F5 Distributed Cloud instance (typically an email). | -| Server Password | The API Token configured in the F5 Distributed Cloud instance's Account Settings. Please see [Creating an F5 WAF API Token](#creating-an-f5-waf-api-token) for more details on creating this token. | -| Use SSL | Not used for this integration, so either setting is fine. | - -
- -
-Discovery Jobs - -The following table describes the required and optional fields to schedule a Discovery job for the `f5WafTls` and `f5WafCa` certificate store types. - -In Keyfactor Command, navigate to Certificate Stores from the Locations Menu and then click on the Discover tab. - -| Attribute | Description | -| --------- |------------------------------------------------------------------------------------------------------------------------------------------------| -| Category | Select either F5WafTls or F5WafCa depending on whether you want to return namespaces for TLS certificates or CA Root certificates. | -| Orchestrator | Select an approved orchestrator capable of managing F5 WAF certificates. Specifically, one with the f5WafTls and f5WafCa capabilities. | -| Schedule | Enter the schedule for when you want the job to run | -| Client Machine | The URL for the F5 Distributed Cloud instance (typically ending in '.console.ves.volterra.io'. | -| Server Username | The username used to log in to the F5 Distributed Cloud instance (typically an email). | -| Server Password | The API Token configured in the F5 Distributed Cloud instance's Account Settings. Please see [Creating an F5 WAF API Token](#creating-an-f5-waf-api-token) for more details on creating this token. | -| Directories to Search | Not used for this integration. Leave Blank. | -| Directories to ignore | Not used for this integration. Leave Blank. | -| Extensions | Not used for this integration. Leave Blank. | -| File name patterns to match | Not used for this integration. Leave Blank. | -| Follow SymLinks | Not used for this integration. Leave Unchecked. | -| Follow SymLinks | Not used for this integration. Leave Unchecked. | -| Use SSL? | Not used for this integration. Leave Unchecked. | - -Discovery jobs will return all known namespaces for this F5 WAF instance. 
Please note that because Keyfactor Command has a restriction on multiple certificate stores having the same Client Machine and Store Path, certificate stores for f5WafTls will return stores with a "tls-" prefixed to the beginning of the store path (namespace); while f5WafCA stores will have "ca-" prefixed. Any jobs that run for stores with these prefixes will have these prefixes removed before calling any F5 WAF APIs. What this means is a store path (namespace) for an f5WafTls store of "tls-namespace1" will be the same as one labeled "namespace1". - -
- - -## Creating an F5 WAF API Token - -In lieu of providing a server password when setting up an F5 WAF certificate store, F5 Multi-Cloud App Connect uses API tokens combined with the user id to authenticate when calling APIs. API Tokens can be created through the F5 Distributed Cloud Console after logging in with the ID you wish to use for the Keyfactor certificate store. Once logged in, select Multi-Cloud App Connect from the options under "Common services". Next, select Account Services from the pull down at the top right of the screen, and select "Account Settings". From there, click on "Credentials" on the left nav and "Add Credentials" on the subsequent screen. In the form shown, select "API Token" from the Credential Type dropdown, and enter the name of the credential and the expiration date. Please note that credentials can only be created for up to 90 day periods of time. After 90 days, a new API token will need to be generated and replaced in your F5 WAF certificate store(s). Clicking Generate will then show the value of the newly created API Token. Copy this and save to a safe place, as this will be the value you will enter in the Server Password field when setting up your certificate store. If you forget or lose this token value, there is no way to access it again in the F5 Distributed Cloud portal. You will need to create a new API Token. - -![](Images/image1.gif) -![](Images/image2.gif) -![](Images/image3.gif) -![](Images/image4.gif) -![](Images/image5.gif) -![](Images/image6.gif) -