Forum Discussion

Julio_Navarro's avatar
Julio_Navarro
Icon for Cirrostratus rankCirrostratus
Jul 27, 2021

export ltm monitor https password

hi,

i have two ltm systems

first ltm has a pool with a monitor (https) with a username and password

the second needs to have the same pool with the username and password from the first.

we don't have the password.

and both system are already with multiple different configuration objects (monitor, SSL), so I can't export the master-key.

 

So, is there a way to decrypt the password from username in ltm #1?

Thanks

 

2 Replies

  • not sure if still relevant but i would go for capturing the traffic at the server, decrypt it and from that gain the information you want.

     

    you could perhaps even easier point the first LTM to the second and add a node with that monitor. then you can even easier see what happens.

  • You dont have to export the master key. You just have to set the master key same in both the boxes to get this working. When you load an encrypted config into another box, it validates the passphrase configuration against the master key.

    Follow these steps:

    Login to your primary LTM where you have the monitor config.

    tmsh show sys crypto master-key
    tmsh modify sys crypto master-key prompt-for-password
    enter password: mynewpassword
    password again: mynewpassword
    tmsh show sys crypto master-key

    You would notice the old hash and the new hash of your new password when you run show sys crypto command.

    Login to your second LTM where you want the monitor to be loaded.

    tmsh show sys crypto master-key
    tmsh modify sys crypto master-key prompt-for-password
    enter password: mynewpassword
    password again: mynewpassword
    tmsh show sys crypto master-key

    Now that both the boxes have the same master-key, the config can be copied and loaded in the second ltm.

    tmsh load sys config merge from-terminal

    This should work. Thats how we handle the singletons or l7 boxes (standalone L7 LTM's)