Forum Discussion
Al_Estrellas
Nimbostratus
NimbostratusHow to modify client-ssl on multiple VS using TMSH
Hi, I was able to get the list of virtual servers using cert1 for example by list and grep. Now, I want to use TMSH to use the CLI in replacing client-ssl cert1 to cert2. If I have like ...
Mayur_Sutare
MVP
MVPBelow command should work to modify SSL Profile on the VS.
tmsh modify ltm virtual [virtual server name] profiles add { [client-ssl profile name] }
For the error that you are getting, do you have multiple client SSL on your VS and one of the profile is acting as default SSL? Please refer below articles.
https://cdn.f5.com/product/bugtracker/ID794493.html
https://support.f5.com/csp/article/K05426346
Al_EstrellasNimbostratus
NimbostratusThe above solution did not do the trick even I removed the chain, most likely because I am using the same key/certificate just using a different SSL profile to do the test.
I tried using a different key/certificate but also different domain and it worked. On December 2nd week, I'll get the new/replacement cert and will test the procedure in the KB and see if it works on same domain name different key/cert.
Here's the commands for reference:
modify /ltm virtual https_vs profiles add { newcert-clientssl {context clientside } }
modify /ltm virtual https_vs profiles delete { oldcert-clientssl }
I'll update this on December when I renew cert and will use a different SSL profile.
Thanks for the help.
Sean_BIf you are running a script to swap the clientssl profile of VIP, the below will work (you might need to have a standard where all clientssl profiles actually start with with word clientssl though)
modify /ltm virtual https_vs profiles delete { clientssl* }
modify /ltm virtual https_vs profiles add { newcert-clientssl {context clientside } }