Anzine321
Jan 31, 2025
Solved

Decrypt SSL server

Hi everyone,
Is it possible to decrypt an SSL server profile?

I want to view data sent from the server to F5.


2 Replies

  • Yes, it is possible. If you're on version 15 or higher, you can follow the instructions in the below F5 article:

    https://my.f5.com/manage/s/article/K31793632

    Because you stated that you want to decrypt the traffic on the server-side (i.e. between the BIG-IP and the back-end pool member), you will need to use the "p" flag in your tcpdump command (this is mentioned in the same article).

    An example of the command that I personally most often use is:

    tcpdump -i <VLAN>:p -nn -s0  --f5 ssl "host <CLIENT IP> and port 443" -w /var/tmp/"$HOSTNAME"_"$(date +%d-%m-%y)".pcap
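
The capture from the answer above, wrapped so that session-secret logging is switched off again afterwards; this is an added example, not part of the original post and not F5's own code. It assumes the `tcpdump.sslprovider` db variable has to be enabled for `--f5 ssl` to record session secrets; the function names and the sample VLAN and address are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Assumes the BIG-IP shell (v15+), where tmsh and F5's tcpdump are available.

# Accept only a dotted-quad IPv4 address, so the filter cannot be widened by
# extra terms; the capture will contain TLS session secrets.
is_ipv4() (
  case "$1" in *[!0-9.]*|*..*|.*|*.) exit 1 ;; esac
  IFS=.; set -- $1                 # split on dots (subshell keeps IFS local)
  [ "$#" -eq 4 ] || exit 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
  done
)

is_port() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the capture filter used in the answer, or fail on bad input.
capture_filter() {   # usage: capture_filter <client-ip> <port>
  is_ipv4 "$1" && is_port "$2" || return 1
  printf 'host %s and port %s' "$1" "$2"
}

# Enable secret logging, capture client-side and peer (server-side) flows,
# then disable secret logging again even if the capture is interrupted.
run_capture() (      # usage: run_capture <vlan> <client-ip> <port>
  filter=$(capture_filter "$2" "$3") || { echo "bad client IP or port" >&2; exit 1; }
  out="/var/tmp/${HOSTNAME:-$(hostname)}_$(date +%d-%m-%y).pcap"
  umask 077          # pcap readable by the capturing user only
  tmsh modify sys db tcpdump.sslprovider value enable || exit 1
  trap : INT         # Ctrl-C ends tcpdump; this function goes on to the cleanup
  tcpdump -i "$1:p" -nn -s0 --f5 ssl -w "$out" "$filter"
  trap - INT
  tmsh modify sys db tcpdump.sslprovider value disable
  echo "capture written to $out"
)

# Constructed sample invocation (VLAN name and address are made up):
#   run_capture internal 10.1.20.5 443
```

The resulting pcap carries the session secrets alongside the traffic, so handle it as key material and remove it from /var/tmp once the analysis is done.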