For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

epaalx's avatar
epaalx
Icon for Cirrus rankCirrus
Sep 21, 2017

Inherit cert-key-chain and cipher from another client-ssl profile in existing profile

I have a populated client-ssl profile which I don't want to delete (because it's referenced by production VSs) but I want to substitute all of its contents (particularly, "cert-key-chain" and "cipher...
application delivery
LTM
StephanManthey's avatar
StephanManthey
Icon for Nacreous rankNacreous
Mar 23, 2018

Actually we are talking about the client-ssl profile property of 

inherit-certkeychain
. It might be set to the following values: * false * true When trying to use tmsh to modify the value it´s very likely to get an error message ("read only property"). Changing it for the parent profile via WebUI or config file as proposed by epaalx (+1) is the workaround. It seems to be mandatory in v12.1.3 to set 
inherit-certkeychain false
for the parent to make sure the specific cert-key-chain in a child profile will be displayed and applied. Otherwise it might be overwritten by the cert-key-chain of the parent. The same setting has to be used in the child profile. Cheers, Stephan