Mattews
Jul 01, 2019

Configuring Client SSL Profile from TMSH

Hi,

Can I configure a VS with an associated SSL profile via TMSH?

I know the full configuration of the VS, but I need this small piece of configuration to complete the task (obviously I already have an SSL certificate created on my appliance).

Can you help me?

Thanks in advance, bye.

  • If you just need to add a client-ssl profile to your virtual server, you can use this command, replacing 'my-virtual-server-name' with your virtual server name and 'clientssl' with the name of the certificate:

    tmsh modify ltm virtual my-virtual-server-name profiles add { clientssl }
    • Mattews

      OK, but where can I put the name of the certificate (already created) that must be associated with the SSL profile?

      This is my conf:

      create ltm virtual VS { destination x.x.x.x:443 ip-protocol tcp mask 255.255.255.255 pool POOL profiles add { tcp {} } source 0.0.0.0/0 source-address-translation { type automap } translate-address enabled translate-port enabled vlans-enabled enabled vlans add { VLAN1 VLAN2 } }  

      Thanks

    • Mattews

      Sorry,

      I have now read the full description, so I just insert the certificate name only to implement the client SSL profile? Without any brackets?


      • Lee_Sutcliffe

        You need to create a client SSL profile first and attach this to your virtual server. You don't add certificates directly.
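
The two steps described in the reply above, shown as an added example that is not part of the original posts. The profile name `clientssl_example`, the chain name `example_chain` and the certificate/key object names `example.crt` / `example.key` are hypothetical; `VS`, `POOL` and `x.x.x.x` are the placeholders from the thread, and the `cert-key-chain` syntax assumes a TMOS version that supports it.

```tmsh
# Run from the tmsh prompt (prefix each line with "tmsh" when typing from bash).

# 1. Create a client SSL profile that inherits from the built-in "clientssl"
#    parent and references the certificate and key already imported on the
#    appliance (hypothetical object names).
create ltm profile client-ssl clientssl_example { defaults-from clientssl cert-key-chain add { example_chain { cert example.crt key example.key } } }

# 2a. Attach the profile to an existing virtual server. The certificate is
#     never named here, only the profile that carries it.
modify ltm virtual VS profiles add { clientssl_example { context clientside } }

# 2b. Or, when creating the virtual server, list the profile next to tcp
#     (remaining options from the thread's command omitted for brevity).
create ltm virtual VS { destination x.x.x.x:443 ip-protocol tcp pool POOL profiles add { tcp {} clientssl_example { context clientside } } }

# 3. Verify what the virtual server presents, then persist the change.
list ltm virtual VS profiles
list ltm profile client-ssl clientssl_example cert-key-chain
save sys config
```

Steps 2a and 2b are alternatives: use 2a when the virtual server already exists and 2b when it does not.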

  • Sorry Lee, another question:

    I need to create a VS, always from TMSH, exposed on port 17879, and nodes need to be balanced on the same port.

    Is this the correct configuration?

    create ltm pool POOL_17879 monitor tcp members add { 10.x.x.1:17879 10.x.x.2:17879 }
    create ltm virtual VS_17879 { destination 10.x.x.x:17879 ip-protocol tcp mask 255.255.255.255 pool POOL_17879 profiles add { tcp{} } source-address-translation { type automap } translate-address enabled translate-port enabled vlans-enabled enabled vlans add { VLAN_X } } 
     
    run /cm config-sync to-group HA-GROUP

    Thanks