Import Certificates into Cisco IOS Router (SSL VPN)
Problem:
I've written a few posts on automating SSL VPN certificates with Let's Encrypt, but what if you already have some other way of generating certificates, whether that's Let's Encrypt or something else?
These days I rely on another container to generate certificates, because my load balancer uses them to serve HTTPS content for my sites, but I still want to load these certs into my router.
Solution:
I've modified my earlier Python script to do this. It can be found here as import_cert.py: https://github.com/dchidell/webvpncert/tree/master
This can then be run inside a container doing something like the following (if you've read some previous posts on netmiko inside Alpine you'll recognise this):
Directory Structure:
root@docker:/home/david/cert# ls
docker-compose.yml Dockerfile import_cert.py
root@docker:/home/david/cert#
Dockerfile:
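FROM python:alpine
# MAINTAINER is deprecated; a label carries the same information
LABEL maintainer="David Chidell"
# Build dependencies for netmiko's crypto libraries, plus the openssl CLI
RUN apk --no-cache add build-base libffi-dev openssl-dev openssl
RUN pip install --no-cache-dir netmiko
COPY import_cert.py .
ENTRYPOINT ["python", "./import_cert.py"]
# Show the usage text when no arguments are supplied
CMD ["--help"]
# Certificate and key files are mounted here at run time
VOLUME ["/certs"]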
docker-compose.yml:
version: '3.2'
services:
  cert_import:
    image: dchidell/router-cert-import
    build: .
    command: 10.66.50.1 CA_LETSENCRYPT /certs/privkey1.pem /certs/cert1.pem /certs/chain1.pem --u dchidell --sshkey /root/.ssh/id_rsa.pub
    volumes:
      - /root/.ssh:/root/.ssh:ro
      - /mnt/nas/certs/dchidell.com:/certs
You can then run this container like so:
docker-compose -f /home/david/cert/docker-compose.yml run cert_import
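Because the key, certificate and chain are passed as three separate positional paths, it is easy to hand the router a mismatched set. The following pre-flight check is an added example, not part of import_cert.py; the function name `preflight`, its return codes and the 24-hour expiry window are assumptions made for illustration, and it needs OpenSSL 1.1.0 or later.

```shell
#!/bin/sh
# Pre-flight check for the three PEM files given to the import container.
# Returns 0 only when key, certificate and chain belong together.
preflight() {
    key=$1; cert=$2; chain=$3

    for f in "$key" "$cert" "$chain"; do
        [ -r "$f" ] || { echo "unreadable: $f" >&2; return 2; }
    done

    # 1. The private key must be the one the certificate was issued for:
    #    derive the public key from each file and compare.
    #    "-passin pass:" makes an encrypted key fail instead of prompting.
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || {
        echo "not a usable private key: $key" >&2; return 3; }
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "not a certificate: $cert" >&2; return 3; }
    [ "$key_pub" = "$cert_pub" ] || {
        echo "private key does not match certificate" >&2; return 4; }

    # 2. Do not push a certificate that expires within the next 24 hours.
    openssl x509 -in "$cert" -noout -checkend 86400 >/dev/null || {
        echo "certificate expires within 24h: $cert" >&2; return 5; }

    # 3. The chain file must contain the issuer of the certificate.
    #    System trust stores are ignored so only the chain file counts.
    openssl verify -no-CAfile -no-CApath -partial_chain \
        -trusted "$chain" "$cert" >/dev/null 2>&1 || {
        echo "certificate was not issued by a CA in $chain" >&2; return 6; }

    return 0
}

# When called with three paths, run the check and exit with its status.
if [ "$#" -eq 3 ]; then
    preflight "$@"
fi
```

On the Docker host the files sit under /mnt/nas/certs/dchidell.com/ according to the volume mapping above, so the check can be run against those paths before the docker-compose command.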