Forum Discussion
Blue_whale
Cirrocumulus
Cirrocumuluswhat is the use of Passphrase in client SSL profile ?
Hi Team ,
When we attach the CERT and key to client SSL profile on the F5 , there is also a Passphrase box and we enter that password in the Passphrase box. What is the use of it ? why do we need it ? Will it change anything for the client when he access the url ?
cert ASMssl_443.crt
chain ASMssl_443_CA.crt
key ASMssl_443.key
passphrase $M$jZ$w+A2n4vT617oOULB+VN1vA==
Hi Blue_whale,
You have two types of passphrases for certificates:
- the first is when you upload your PEM, or PFX bundle certificate and this has a password to protect the file.
- the second is when the master key is a passphrase-protected, and in this case, you have to set the passphrase in the client SSL.
So, it doesn´t change anything for the client, this is an extra security layer to protect the master key and keep it encrypted in the F5, normally if the master key is not encrypted you can export it easily if you have access to the device.
if you need more info about other SSL profile parameters please review this link:
https://my.f5.com/manage/s/article/K14783
Hope it works.
Hi Blue_whale,
You have two types of passphrases for certificates:
- the first is when you upload your PEM, or PFX bundle certificate and this has a password to protect the file.
- the second is when the master key is a passphrase-protected, and in this case, you have to set the passphrase in the client SSL.
So, it doesn´t change anything for the client, this is an extra security layer to protect the master key and keep it encrypted in the F5, normally if the master key is not encrypted you can export it easily if you have access to the device.
if you need more info about other SSL profile parameters please review this link:
https://my.f5.com/manage/s/article/K14783
Hope it works.
- zamroni777
Nacreous
adding to Sebastiansierra
SSL client certificate "package" contains private key (as seen as the ASMssl_443.key file in your question).
the password is intended to protect that private key file.
Blue_whalethank you :)
