For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Cory_Blankenshi's avatar
Cory_Blankenshi
Icon for Altostratus rankAltostratus
Jul 18, 2019

Client-SSL Profile Error: "SSL forward proxy RSA CA key is missing"??

I am trying to create a client SSL profile via the rest API, and I am getting the error "SSL forward proxy RSA CA key is missing". Does anyone know what might be the cause of the error?
devops
iControlREST
LTM
boneyard's avatar
boneyard
Icon for MVP rankMVP
Jul 18, 2019

it sounds like you enabled to SSL forward proxy function on the profile

 

https://support.f5.com/csp/article/K14783#3

 

what is the rest API call you make?

  • Cory_Blankenshi's avatar
    Cory_Blankenshi
    Icon for Altostratus rankAltostratus
    Jul 18, 2019

    That's the weird thing though - SSL forward proxy is disabled. I'm sending the following payload to the endpoint "https://my.f5.com/mgmt/tm/ltm/profile/client-ssl":

    {
    "name": "cssl_my_default",
    "partition": "Common",
    "alertTimeout": "10",
    "allowDynamicRecordSizing": "disabled",
    "allowNonSsl": "disabled",
    "appService": "none",
    "bypassOnClientCertFail": "disabled",
    "bypassOnHandshakeAlert": "disabled",
    "cacheSize": 262144,
    "cacheTimeout": 3600,
    "cert": "/Common/mycrt",
    "certExtensionIncludes": [
        "basic-constraints",
        "subject-alternative-name"
    ],
    "certLifespan": 30,
    "certLookupByIpaddrPort": "disabled",
    "chain": "/Common/entrust_certification_authority_-_l1k",
    "cipherGroup": "none",
    "ciphers": "DEFAULT",
    "defaultsFrom": "/Common/clientssl",
    "description": "::dev:: none",
    "genericAlert": "enabled",
    "handshakeTimeout": "10",
    "inheritCertkeychain": "false",
    "key": "/Common/mykey",
    "maxActiveHandshakes": "indefinite",
    "maxAggregateRenegotiationPerMinute": "indefinite",
    "maxRenegotiationsPerMinute": 5,
    "maximumRecordSize": 16384,
    "modSslMethods": "disabled",
    "mode": "enabled",
    "notifyCertStatusToVirtualServer": "disabled",
    "ocspStapling": "disabled",
    "tmOptions": [
        "dont-insert-empty-fragments"
    ],
    "peerNoRenegotiateTimeout": "10",
    "proxyCaCert": "none",
    "proxyCaKey": "none",
    "proxySsl": "disabled",
    "proxySslPassthrough": "disabled",
    "renegotiateMaxRecordDelay": "indefinite",
    "renegotiatePeriod": "indefinite",
    "renegotiateSize": "indefinite",
    "renegotiation": "enabled",
    "secureRenegotiation": "require",
    "serverName": "none",
    "sessionMirroring": "disabled",
    "sessionTicket": "disabled",
    "sessionTicketTimeout": 0,
    "sniDefault": "false",
    "sniRequire": "false",
    "sslForwardProxy": "disabled",
    "sslForwardProxyBypass": "disabled",
    "sslSignHash": "any",
    "strictResume": "disabled",
    "uncleanShutdown": "enabled"
}