19-Aug-2016 22:00
21-Aug-2016 01:47 - last edited on 05-Jun-2023 15:54 by JimmyPackets
Hi Ganesh,
The passphrase is encrypted using the device master key. As long as the master key of your device group hasn't changed or (at least) you've created a backup of the master-key, you will be able to restore entire UCS archives or even partial configurations containing secure strings.
https://support.f5.com/kb/en-us/solutions/public/9000/400/sol9420.html
https://devcentral.f5.com/articles/working-with-masterkeys
With this knowledge in mind, you can also fairly easily decrypt a specific secure-string back to plaintext without even knowing the cryptography behind it. Just tmsh /list the related configuration, grep the containing $M$ secure-string and create, for example, a new HTTP health-monitor containing the exported secure-string as password (via tmsh load sys config merge from-terminal). Attach the monitor to a node of your choice and then use tcpdump/wireshark to sniff the password (aka B64 credentials) on the wire...
Cheers, Kai
01-Sep-2023 13:22
You helped me a lot too. Thanks!
11-Apr-2019 14:50
I used the HTTP monitor trick described here; it worked perfectly 🙂 The monitor needed to have username as well as password set, to send any Authorization: Basic request header.
11-Apr-2019 15:19
😉
Cheers, Kai