Forum Discussion

Al_Estrellas's avatar
Icon for Nimbostratus rankNimbostratus
Nov 25, 2020

How to modify client-ssl on multiple VS using TMSH



I was able to get the list of virtual servers using cert1 for example by list and grep.


Now, I want to use TMSH to use the CLI in replacing client-ssl cert1 to cert2. If I have like 50 VS, how to do that using modify on TMSH?


If I do modify /ltm virtual VSname profile add SSLname context clientside, im getting this error:

"vs has more than one clientssl/serverssl profile with same server name"


If I do delete, im getting this error:

"Syntax Error: "context" is a read-only property"


If I do replace-all-with, cert2 is configured but wipes all other profiles and i don't want to put alot of config to reconfigure all profiles in a VS.


Is there a 1 line command I can do?



3 Replies

  • Below command should work to modify SSL Profile on the VS.


    tmsh modify ltm virtual [virtual server name] profiles add { [client-ssl profile name] }


    For the error that you are getting, do you have multiple client SSL on your VS and one of the profile is acting as default SSL? Please refer below articles.



    • Al_Estrellas's avatar
      Icon for Nimbostratus rankNimbostratus

      The above solution did not do the trick even I removed the chain, most likely because I am using the same key/certificate just using a different SSL profile to do the test.


      I tried using a different key/certificate but also different domain and it worked. On December 2nd week, I'll get the new/replacement cert and will test the procedure in the KB and see if it works on same domain name different key/cert.


      Here's the commands for reference:

      modify /ltm virtual https_vs profiles add { newcert-clientssl {context clientside } }  

      modify /ltm virtual https_vs profiles delete { oldcert-clientssl } 


      I'll update this on December when I renew cert and will use a different SSL profile.


      Thanks for the help.

      • Sean_B's avatar
        Icon for Nimbostratus rankNimbostratus

        If you are running a script to swap the clientssl profile of VIP, the below will work (you might need to have a standard where all clientssl profiles actually start with with word clientssl though)

        modify /ltm virtual https_vs profiles delete { clientssl* } 
        modify /ltm virtual https_vs profiles add { newcert-clientssl {context clientside } }