Forum Discussion
AltostratusClient-SSL Profile Error: "SSL forward proxy RSA CA key is missing"??
I reproduced the error you observed on 14.1 using the data you posted. Which BIG-IP version are you using?
# curl -sku <user>:<pass> https://<mgmtIp>/mgmt/tm/ltm/profile/client-ssl -X POST \
-H "Content-type: application/json" -d@sat1
{"code":400,"message":"01071610:3: Profile /Common/cssl_my_default's SSL forward proxy RSA CA key is missing.","errorStack":[],"apiError":3}
(the file sat1 contains the data above).
If 14.1, remove tmOptions, proxyCaCert, proxyCaKey, proxySsl and proxySslPassthrough from your post data, and try again.
AltostratusHi Satoshi,
I figured out the issue, and it's pretty annoying: our client SSL profiles had SSL forward proxy disabled, however there were options in that section that had the custom value checkbox selected, even though they were still the default values. After I unchecked those boxes, the keys were removed from the JSON and I could migrate the profile without issue.
The annoying bit about this is that despite SSL forward proxy being disabled, associated key/value pairs are being validated because the custom checkbox was checked. I would think that if SSL forward proxy is disabled, related key/value pairs wouldn't show up in the JSON data, let alone be validated.
Thanks for looking into the issue, though. I hope all is well on your end!
Cheers!
