Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

epaalx's avatar
epaalx
Icon for Cirrus rankCirrus
Sep 21, 2017

Inherit cert-key-chain and cipher from another client-ssl profile in existing profile

I have a populated client-ssl profile which I don't want to delete (because it's referenced by production VSs) but I want to substitute all of its contents (particularly, "cert-key-chain" and "cipher...
application delivery
LTM
StephanManthey's avatar
StephanManthey
Icon for Nacreous rankNacreous
Mar 23, 2018

Actually we are talking about the client-ssl profile property of 

inherit-certkeychain
. It might be set to the following values: * false * true When trying to use tmsh to modify the value it´s very likely to get an error message ("read only property"). Changing it for the parent profile via WebUI or config file as proposed by epaalx (+1) is the workaround. It seems to be mandatory in v12.1.3 to set 
inherit-certkeychain false
for the parent to make sure the specific cert-key-chain in a child profile will be displayed and applied. Otherwise it might be overwritten by the cert-key-chain of the parent. The same setting has to be used in the child profile. Cheers, Stephan