cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

Modify iApp Template TMSH Commands

Barney_Royalty
Nimbostratus
Nimbostratus

We have an iApp template for HTTP 1.1 that we've been using for a long time. The commands for client SSL have been deprecated and we don't know enought iApp/TMSH code to modify it.

This describes our issue but doesn't give examples on how we can edit our iApp: https://support.f5.com/csp/article/K42021647

Basically we're using the old TMSH commands cert and key when we need to update them to use cert-key-chain.

 

Here's our iApp template section:

 

  # CLIENT SSL

  set do_client_ssl [expr { $use_apm || [iapp_is ::ssl__mode client_ssl client_ssl_server_ssl] }]

  set ssl_pass_thru [expr { !$use_apm && [iapp_is ::ssl__mode pass_thru] }]

 

  set new_client_ssl [expr { !$advanced || [iapp_is \

            ::ssl__client_ssl_profile $::CREATE_NEW_ANSWER] }]

  set do_chain_cert [expr { $advanced && \

            [info exists ::ssl__use_chain_cert] && \

            ![iapp_is ::ssl__use_chain_cert $::DO_NOT_USE_ANSWER] }]

  set cssl_cmd \

    "ltm profile client-ssl ${app}_client-ssl defaults-from clientssl"

 

  # array keys: $do_client_ssl,$new_client_ssl,$do_chain_cert

  array set client_ssl_arr {

    1,1,1 { [iapp_conf create $cssl_cmd key $::ssl__key cert $::ssl__cert \

       chain $::ssl__use_chain_cert] \{ context clientside \} }

    1,1,0 { [iapp_conf create $cssl_cmd key $::ssl__key cert $::ssl__cert \

       chain none] \{ context clientside \} }

    1,0,1 { $::ssl__client_ssl_profile \{ context clientside \} }

    1,0,0 { $::ssl__client_ssl_profile \{ context clientside \} }

    *   {}

  }

0 REPLIES 0