View iApp config from the CLI

Question

Folks,&nbsp;
I have been thrust upon a Viprion running 11.3.  I'm trying to understand what SSL certificates a particular virtual service (VS) is using.  The VS is associated with an Exchange iApp.  From reading the F5 doc about this iApp, one of the steps is to select a SSL certificate.  More on that in a moment.  The VS has a ClientSSL and ServerSSL profile configured.  I can see quite clearly what certificates are configured for these profiles.  That was the easy part.  Getting back to the iApp.  I'm using a corporate computer so I don't have a choice as to the browser I can use to surf to the F5.  When clicking on the down-arrow menu for the SSL certificate, it's width is only so far and doesn't show the entire line of text.  The Viprion has a number of certificates similarly labelled I can't tell which one it is just by glancing at it.  With all of this, I have two questions:&nbsp;

Is there a CLI command to list how the iApp is configured?  From the CLI I entered 'show running-config' and from the output I couldn't find the specific iApp config, just references to it.&nbsp;

Why do iApps need an SSL certificate configured if it's referencing a server and client SSL profile? I'm making this statement because when I view the the VS and scroll down to where the SSL Profiles are, there seems to be a linkage. I've attached an image to demonstrate what I'm referring to.

&nbsp;
Thanks for your help.&nbsp;
Timothy&nbsp;

fred_slater_856 · Accepted Answer

Answer to 1:
    tmsh list sys app service 
    -or-
    tmsh list sys app service recursive
This will list all of the variable names in the iapp, including your ssl certificate names.

timothy_92333 · Answer

Fred,

Thanks for your answer to my first question.

This leads to another.  I can now see that the iApp was configured with an SSL certificate that is different to which has been configured in the Client &amp; Server SSL profiles that is associated with the VS.  What certificate would take preference - what's configured in the iApp or whats in the SSL profiles?  I may be answering my own question here - when I navigate to iApp -&gt; Application Services, choose the application, when on the Components tab it lists an SSL certificate that is configured on the Client and Server SSL Profiles.  So is this telling me that the SSL Profiles are overriding what's been configured on the iApp?  I guess a debug would confirm one way or the other!

And if my assumption is correct about the Client and Server SSL profile overriding the SSL certificate configured on the iApp, does this also mean that the re-encrypt (SSL Bridging) setting on the iApp is also overrided?

Thanks,

Timothy

fred_slater_856 · Answer

Timothy- The iApp sets configuration only when the template is run. If changes are made using the UI or the CLI afterwords, they overwrite the iApp's config. iApps have a property called "strictness" that is designed to prevent this confusion, but strictness may be disabled, and often is. Anyway, in your case, you can trust the configuration that you see in the UI. Just be aware that if you run the iApp again, it will again overwrite with its version of the config. -Fred

timothy_92333 · Answer

Ok, cool!  Thanks for your assistance.  And yes, the Strict feature has been unchecked!

Forum Discussion

View iApp config from the CLI

4 Replies

Recent Discussions

Create a CSR and Key using the BigIP LTM GUI when renewing a certificate

F5 Rseries HA

Error when running bigip_command Playbook against LTM : Syntax Error: unexpected argument /bin/sh\n

Can iRule be used to perform exception of IPI category based on Geolocation

Can iRule mask the payload content on event logs of security

Related Content

VMware Horizon View iApp

Spring4shell iApp

Early Release: VMware View and Horizon View iApp

F5 Analytics iApp

CVE-2021 Checker iApp