Forum Discussion
NimbostratusCan REST API SSL be disabled?
Does anyone know how to disable SSL for the REST API virtual host? I've looked through the tmsh and the httpd.conf and cannot seem to find a way to allow HTTP for testing. I'd like to perform packet captures during API integration testing without the SSL turned on.
6 Replies
What_Lies_Bene1Cirrostratus
Not possible I'm afraid. It's not too hard to decrypt the packet capture data though as you've access to the private key on the box. Let me know if you need help with that.
Andrew_Sweet_89Yes, I tried decrypting the SSL packet data with no luck. Any assistance in doing that would be greatly appreciated. I'm using RSA keys, not DH, but still couldn't get the decryption to work in Wireshark.
- What_Lies_Bene1
What private key did you use? The one here: /config/httpd/conf/server.key? I'm pretty sure that's the one that's used.
Regarding Wireshark, have a look through this and make sure all is well with what you are doing before we go further: http://packetpushers.net/using-wireshark-to-decode-ssltls-packets/
- Andrew_Sweet_89
Yeah, that's the challenge. I tried these methods all ready using the /config/httpd/conf/server.key file but it would not decrypt the traffic. My guess is that is not the key being used. I installed my own certificate on the F5, not the self-signed cert.
- What_Lies_Bene1
OK, well I assume you can see the certificate the F5 supplies in the packet capture at least? What the common name you see there, this might help us track down the right key.
- What_Lies_Bene1
Just testing using traditional iControl over SOAP and tcpdump, the /config/httpd/conf/server.crt certificate was definitely supplied.
