how to recover Cookie Encryption Passphrase once forget
- Apr 08, 2016
That's not possible, unless there's a secret backdoor in TMOS.
You can give that guy a call (maybe he remembers?) or use a cracking service provider - they will attempt to retrieve the plain-text format for a fee. Although he's no longer employed with your company, moving on without documenting the general-use passphrases is a lousy move. In some places, this can be considered as a criminal offense.
If you just want to migrate the existing configuration to a new BigIP platform, you can do it while not knowing the passphrase. To do so, you just copy the configuration as-is from /config/bigip.conf file to your new appliance.
If you're not looking to migrate configuration, you will probably have to settle for the impact. You can overwrite the existing passphrase with a new one during a low-activity hour, and send a 'sorry for inconvenience e-email' where you also instruct your users to close the application, and reconnect from a fresh browser session, should they experience any technical issues. If it's a permanent(or long-term) tracking cookie that's being encrypted, users may also have to manually delete their existing cookies.
You should also contact F5 support here.