Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

View iApp config from the CLI

Folks,

I have been thrust upon a Viprion running 11.3. I'm trying to understand what SSL certificates a particular virtual service (VS) is using. The VS is associated with an Exchange iApp. From reading the F5 doc about this iApp, one of the steps is to select a SSL certificate. More on that in a moment. The VS has a ClientSSL and ServerSSL profile configured. I can see quite clearly what certificates are configured for these profiles. That was the easy part. Getting back to the iApp. I'm using a corporate computer so I don't have a choice as to the browser I can use to surf to the F5. When clicking on the down-arrow menu for the SSL certificate, it's width is only so far and doesn't show the entire line of text. The Viprion has a number of certificates similarly labelled I can't tell which one it is just by glancing at it. With all of this, I have two questions:

  1. Is there a CLI command to list how the iApp is configured? From the CLI I entered 'show running-config' and from the output I couldn't find the specific iApp config, just references to it.

  2. Why do iApps need an SSL certificate configured if it's referencing a server and client SSL profile? I'm making this statement because when I view the the VS and scroll down to where the SSL Profiles are, there seems to be a linkage. I've attached an image to demonstrate what I'm referring to.

Image Text

Thanks for your help.

Timothy

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
<pre class="prettyprint lang-tcl"><code>Answer to #1: tmsh list sys app service <tab to complete iapp name> -or- tmsh list sys app service recursive This will list all of the variable names in the iapp, including your ssl certificate names. </code></pre>
1
Comments on this Answer
Comment made 21-Jan-2014 by Timothy 67
Fred, Thanks for your answer to my first question. This leads to another. I can now see that the iApp was configured with an SSL certificate that is different to which has been configured in the Client & Server SSL profiles that is associated with the VS. What certificate would take preference - what's configured in the iApp or whats in the SSL profiles? I may be answering my own question here - when I navigate to iApp -> Application Services, choose the application, when on the Components tab it lists an SSL certificate that is configured on the Client and Server SSL Profiles. So is this telling me that the SSL Profiles are overriding what's been configured on the iApp? I guess a debug would confirm one way or the other! And if my assumption is correct about the Client and Server SSL profile overriding the SSL certificate configured on the iApp, does this also mean that the re-encrypt (SSL Bridging) setting on the iApp is also overrided? Thanks, Timothy
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Timothy- The iApp sets configuration only when the template is run. If changes are made using the UI or the CLI afterwords, they overwrite the iApp's config. iApps have a property called "strictness" that is designed to prevent this confusion, but strictness may be disabled, and often is. Anyway, in your case, you can trust the configuration that you see in the UI. Just be aware that if you run the iApp again, it will again overwrite with its version of the config. -Fred

1
Comments on this Answer
Comment made 21-Jan-2014 by Timothy 67
Ok, cool! Thanks for your assistance. And yes, the Strict feature has been unchecked!
0