25-Nov-2020 12:18
Hi,
I was able to get the list of virtual servers using cert1 for example by list and grep.
Now, I want to use TMSH to use the CLI in replacing client-ssl cert1 to cert2. If I have like 50 VS, how to do that using modify on TMSH?
If I do modify /ltm virtual VSname profile add SSLname context clientside, I'm getting this error:
"vs has more than one clientssl/serverssl profile with same server name"
If I do delete, I'm getting this error:
"Syntax Error: "context" is a read-only property"
If I do replace-all-with, cert2 is configured but it wipes all other profiles, and I don't want to put in a lot of config to reconfigure all profiles in a VS.
Is there a 1 line command I can do?
TIA
25-Nov-2020 18:47
The command below should work to modify the SSL profile on the VS.
tmsh modify ltm virtual [virtual server name] profiles add { [client-ssl profile name] }
For the error that you are getting, do you have multiple client SSL profiles on your VS and is one of the profiles acting as the default SSL profile? Please refer to the articles below.
https://cdn.f5.com/product/bugtracker/ID794493.html
https://support.f5.com/csp/article/K05426346
26-Nov-2020 07:05
The above solution did not do the trick even though I removed the chain, most likely because I am using the same key/certificate, just with a different SSL profile, to do the test.
I tried using a different key/certificate with a different domain and it worked. In the second week of December, I'll get the new/replacement cert and will test the procedure in the KB to see if it works on the same domain name with a different key/cert.
Here are the commands for reference:
modify /ltm virtual https_vs profiles add { newcert-clientssl { context clientside } }
modify /ltm virtual https_vs profiles delete { oldcert-clientssl }
I'll update this in December when I renew the cert and use a different SSL profile.
Thanks for the help.
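
Added example (not part of any post above and not F5 code): a dry-run generator that turns a `tmsh list ltm virtual one-line` listing into the add/delete pair from the last post for every virtual server that carries the old client-ssl profile, so the commands can be reviewed before anything is changed. The function names, the sample listing and its layout are assumptions; as reported in the thread, the add step is rejected when both profiles present the same server name.

```shell
#!/bin/sh
# Added example: prints tmsh commands for review; it does not run them.
# Input on stdin: output of `tmsh list ltm virtual one-line` (one VS per line).
# Assumption: each profile appears as "<name> { ... }" inside the line.
gen_swap_cmds() {
    old=$1 new=$2
    awk -v old="$old" -v new="$new" '
    $1 == "ltm" && $2 == "virtual" {
        has_old = 0; has_new = 0
        for (i = 4; i < NF; i++) {
            # Exact token followed by "{" so cert1 never matches cert10.
            if ($(i+1) != "{") continue
            if ($i == old) has_old = 1
            if ($i == new) has_new = 1
        }
        if (!has_old) next            # VS does not use the old profile
        if (!has_new)                 # skip the add if already attached
            printf "tmsh modify ltm virtual %s profiles add { %s { context clientside } }\n", $3, new
        printf "tmsh modify ltm virtual %s profiles delete { %s }\n", $3, old
    }'
}

# Constructed sample listing (hypothetical names, not from a real device).
sample_listing() {
cat <<'EOF'
ltm virtual https_vs { destination 10.0.0.10:https ip-protocol tcp profiles { http { } oldcert-clientssl { context clientside } tcp { } } }
ltm virtual other_vs { destination 10.0.0.11:https ip-protocol tcp profiles { http { } oldcert-clientssl-2 { context clientside } tcp { } } }
ltm virtual plain_vs { destination 10.0.0.12:http ip-protocol tcp profiles { http { } tcp { } } }
EOF
}

# Only https_vs uses the exact profile name, so two commands are printed.
sample_listing | gen_swap_cmds oldcert-clientssl newcert-clientssl
```

On a device, replace `sample_listing` with the real listing and review the printed commands before running them.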