epaalx
Sep 21, 2017

Inherit cert-key-chain and cipher from another client-ssl profile in existing profile

I have a populated client-ssl profile which I don't want to delete (because it's referenced by production VSs) but I want to substitute all of its contents (particularly, "cert-key-chain" and "cipher" attributes) with those of another profile (which I expect to do using "defaults-from" attribute).

I've attempted:

 modify /ltm profile client-ssl clientssl_vshttpserver_2480_2s defaults-from QuoVadis_wildcard_XX_edu_au2 cert-key-chain delete {QuoVadis_wildcard_XX_edu_au}

but get error:

010717e2:3: Client SSL profile must have at least one set of certificate/key.

I can do it via Configuration Utility (by unchecking "Certificate Key Chain" and "Ciphers" sections), but (for logistical reasons) I need to achieve this task using TMSH.

Advice?

2 Replies

  • Confirmed by F5 Support - it cannot be done.

    Best work-around is to manually edit configuration file to force change inherit-certkeychain to true - K16589

  • Actually we are talking about the client-ssl profile property of inherit-certkeychain. It might be set to the following values:

    * false
    * true

    When trying to use tmsh to modify the value it's very likely to get an error message ("read only property"). Changing it for the parent profile via WebUI or config file as proposed by epaalx (+1) is the workaround.

    It seems to be mandatory in v12.1.3 to set inherit-certkeychain false for the parent to make sure the specific cert-key-chain in a child profile will be displayed and applied. Otherwise it might be overwritten by the cert-key-chain of the parent. The same setting has to be used in the child profile.

    Cheers, Stephan
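
A read-only check related to the replies above, added here as an example and not part of the thread or of F5's tooling: it scans client-ssl stanzas in configuration text and lists profiles that define their own cert-key-chain while inherit-certkeychain is true, the combination the replies say can end with the parent's chain being applied. The stanza layout, profile names and certificate paths in the sample are constructed assumptions.

```python
import re
# Constructed sample; stanza layout, profile and certificate names are assumptions.
SAMPLE_CONF = """\
ltm profile client-ssl /Common/parent_wildcard {
    cert-key-chain {
        wildcard {
            cert /Common/wildcard.crt
        }
    }
    inherit-certkeychain false
}
ltm profile client-ssl /Common/child_vs {
    cert-key-chain {
        old {
            cert /Common/old.crt
        }
    }
    defaults-from /Common/parent_wildcard
    inherit-certkeychain true
}
"""

HEADER = re.compile(r"^ltm profile client-ssl (\S+) \{\s*$")
def parse_client_ssl(conf_text):
    """Map each client-ssl profile to its parent, inherit flag and listed certs."""
    profiles, cur, depth = {}, None, 0
    for raw in conf_text.splitlines():
        line = raw.strip()
        m = HEADER.match(raw)
        if m and depth == 0:
            cur = profiles[m.group(1)] = {"parent": None, "inherit": None, "certs": []}
        elif cur is not None:
            key, _, value = line.partition(" ")
            if depth == 1 and key == "defaults-from":
                cur["parent"] = value
            elif depth == 1 and key == "inherit-certkeychain":
                cur["inherit"] = value
            elif depth == 3 and key == "cert":  # cert-key-chain > entry > cert
                cur["certs"].append(value)
        depth += line.count("{") - line.count("}")
        cur = None if depth == 0 else cur  # stanza closed once braces balance
    return profiles

def flag_conflicts(profiles):
    """Profiles that list their own certs while still marked as inheriting."""
    return sorted(n for n, p in profiles.items() if p["certs"] and p["inherit"] == "true")

if __name__ == "__main__":
    print(flag_conflicts(parse_client_ssl(SAMPLE_CONF)))
```

Running it on a copy of the configuration text before and after a manual edit shows whether any profile is still in that state.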