cancel
Showing results for 
Search instead for 
Did you mean: 

export ltm monitor https password

Julio_Navarro
Cirrostratus
Cirrostratus

hi,

i have two ltm systems

first ltm has a pool with a monitor (https) with a username and password

the second needs to have the same pool with the username and password from the first.

we don't have the password.

and both system are already with multiple different configuration objects (monitor, SSL), so I can't export the master-key.

 

So, is there a way to decrypt the password from username in ltm #1?

Thanks

 

2 REPLIES 2

boneyard
MVP
MVP

not sure if still relevant but i would go for capturing the traffic at the server, decrypt it and from that gain the information you want.

 

you could perhaps even easier point the first LTM to the second and add a node with that monitor. then you can even easier see what happens.

You dont have to export the master key. You just have to set the master key same in both the boxes to get this working. When you load an encrypted config into another box, it validates the passphrase configuration against the master key.

 

Follow these steps:

Login to your primary LTM where you have the monitor config.

tmsh show sys crypto master-key tmsh modify sys crypto master-key prompt-for-password enter password: mynewpassword password again: mynewpassword tmsh show sys crypto master-key

You would notice the old hash and the new hash of your new password when you run show sys crypto command.

 

Login to your second LTM where you want the monitor to be loaded.

tmsh show sys crypto master-key tmsh modify sys crypto master-key prompt-for-password enter password: mynewpassword password again: mynewpassword tmsh show sys crypto master-key

Now that both the boxes have the same master-key, the config can be copied and loaded in the second ltm.

tmsh load sys config merge from-terminal

This should work. Thats how we handle the singletons or l7 boxes (standalone L7 LTM's)