h_elyot
Aug 06, 2019 Nimbostratus
Change Parent SSL profile of 3 SSL Clients on the same Virtual Server
Hello, I currently have client SSL profiles attached to one Virtual Server. Their parent profile is the default "clientssl". In order to avoid using weak ciphers, I have created a "no_CBC" cip...
- Aug 07, 2019
No problem.
Yes, I would probably use tmsh to list them out, copy the profiles you're interested in to a text editor, and change the profile name and the defaults-from value from clientssl to no_CBC. Then I would use load /sys config merge from-terminal to add it into the config.
Something like this:
[root@bigip:Active:Standalone] config # tmsh
root@(bigip)(cfg-sync Standalone)(Active)(/Common)(tmos)# list ltm profile client-ssl test1
ltm profile client-ssl test1 {
    app-service none
    cert default.crt
    cert-key-chain {
        default_default {
            cert default.crt
            chain default.crt
            key default.key
        }
    }
    chain default.crt
    inherit-certkeychain false
    key default.key
    passphrase none
}
root@(bigip)(cfg-sync Standalone)(Active)(/Common)(tmos)# load /sys config merge from-terminal
Enter configuration. Press CTRL-D to submit or CTRL-C to cancel.
ltm profile client-ssl test1_new {
    app-service none
    cert default.crt
    cert-key-chain {
        default_default {
            cert default.crt
            chain default.crt
            key default.key
        }
    }
    chain default.crt
    inherit-certkeychain false
    key default.key
    passphrase none
    defaults-from no_CBC
}
Loading configuration...
root@(bigip)(cfg-sync Standalone)(Active)(/Common)(tmos)# list ltm profile client-ssl test1_new
ltm profile client-ssl test1_new {
    app-service none
    cert default.crt
    cert-key-chain {
        default_default {
            cert default.crt
            chain default.crt
            key default.key
        }
    }
    chain default.crt
    defaults-from no_CBC
    inherit-certkeychain true
    key default.key
    passphrase none
}
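The text-editor step from the reply above (rename each profile and point defaults-from at no_CBC), scripted so several listed profiles can be converted in one pass. This is an added example, not part of the original reply: the function names and the sample listing (profile test2 in particular) are constructed for illustration, and the script assumes tmsh's usual four-space indentation for top-level attributes.

```shell
#!/bin/sh
# Added example: turn `list ltm profile client-ssl` output into merge-ready
# stanzas that copy each profile under a new name with a new parent.

# reparent_profiles PARENT SUFFIX   (reads the tmsh listing on stdin)
reparent_profiles() {
    awk -v parent="$1" -v suffix="$2" '
    # Stanza header: rename the profile and emit the new parent first.
    /^ltm profile client-ssl / {
        print "ltm profile client-ssl " $4 suffix " {"
        print "    defaults-from " parent
        next
    }
    # Drop a top-level parent already present in the listing, so each
    # stanza ends up with exactly one defaults-from line.
    /^    defaults-from / { next }
    { print }
    '
}

# Constructed sample: one profile without an explicit parent (as in the
# listing above) and one that names clientssl explicitly.
sample_listing() {
cat <<'EOF'
ltm profile client-ssl test1 {
    app-service none
    cert default.crt
    chain default.crt
    inherit-certkeychain false
    key default.key
    passphrase none
}
ltm profile client-ssl test2 {
    app-service none
    cert default.crt
    defaults-from clientssl
    inherit-certkeychain false
    key default.key
    passphrase none
}
EOF
}

sample_listing | reparent_profiles no_CBC _new
```

The output can be pasted at the load /sys config merge from-terminal prompt shown in the reply; listing each new profile afterwards, as the reply does, confirms that defaults-from reads no_CBC.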