Decrypting SSL SOAP traffic

Question

I'm using Soap::Lite to do my iConrol work. I've been trying to 
&nbsp; track donw a rather insidious bug, that proves to be hard to 
&nbsp; find. I'd like to be able to decrypt the iControl data stream  
&nbsp; to the BigIP using ssldump (i.e. capture my data using tcpdump, 
&nbsp; getting the F5 server key and using that to decrypt with ssldump). 
&nbsp;  
&nbsp; Can someone tell me where to find the SSL server key on the 
&nbsp; F5, or, better, show exactly how it's done? 
&nbsp;  
&nbsp; Thanks. 
&nbsp;

joe_pruitt · Answer

Is there a reason you aren't using SOAP::Lite's built in debugging.  I'm assuming you want to decrypt the iControl message to/from the server.  If you use the SOAP::Lite debugging you will get both the outbound and returning streams in clear text. 
  
 Replace this line 
  
 use SOAP::Lite 
  
 with 
  
 use SOAP::Lite + trace =&gt; qw(method debug); 
  
 And you will get everything in clear text in your client console. 
  
 -Joe

loc_pham_101863 · Answer

In 4.x, the locations of the server keys, certs, CSRs, CRLs are: 
&nbsp;  
&nbsp; /config/bigconfig/ssl.key 
&nbsp; /config/bigconfig/ssl.crt 
&nbsp; /config/bigconfig/ssl.csr 
&nbsp; /config/bigconfig/ssl.crl 
&nbsp;  
&nbsp; Loc

Forum Discussion

Decrypting SSL SOAP traffic

Recent Discussions

F5 BIG-IP

BIG-IP Oauth Client and AS

How to Renew F5 Device Certificate

Use of SSL Decryption.

Big IP DNS Failover

Related Content

Decrypting TLS traffic on BIG-IP

Decrypt, Encrypt, Decrypt, Encrypt, Encrypt....

Decrypting BIG-IP Packet Captures Automatically

Decrypting BIG-IP Packet Captures without iRules

F5 Distributed Cloud - Regional Decryption with Virtual Sites

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS