Forum Discussion

Ganesh_Garg's avatar
Icon for Nimbostratus rankNimbostratus
Aug 20, 2016

SSL passphrase lost

Is there any way to retrieve or decrypt the SSL passphrase from F5 as I lost the passphrase. From the article SOL14912, it seems that the retrieval is not possible.


5 Replies

  • Hi Ganesh,

    the passphrase is encrypted using the device master key. As long the master key of your device group hasn't changed or (at least) you've created a backup of the master-key, you will be able to restore entire UCS archives or even partial configurations containing secure strings.

    With this knowledge in mind, you can also fairly easily decrypt a specific secure-string back to plaintext without even knowing the cryptography behind. Just

    tsmh /list
    the related configuration, grep the containing
    secure-string and create for an example a new HTTP health-monitor containing the exported secure-string as password (via
    tmsh load sys config merge from-terminal
    ). Attach the monitor to a node of your choice and then use tcpdump/wireshark to sniff the password (aka. B64 credentials) on the wire...

    Cheers, Kai

  • I would say not possible but I have never explored the options of trying to retrieve it.


  • I used the HTTP monitor trick described here, it worked perfectly :) The monitor needed to have username as well as password set, to send any Authorization: Basic request header.