it looks correct here.
e.g.
config
[root@ve11a:Active:In Sync] config tmsh list ltm virtual bar
ltm virtual bar {
destination 172.28.24.10:443
ip-protocol tcp
mask 255.255.255.255
pool foo
profiles {
myclientssl {
context clientside
}
tcp { }
}
source 0.0.0.0/0
source-address-translation {
type automap
}
vs-index 65
}
[root@ve11a:Active:In Sync] config tmsh list ltm profile client-ssl myclientssl
ltm profile client-ssl myclientssl {
app-service none
cert-key-chain {
server {
cert server.crt
chain chain.crt
key server.key
}
}
defaults-from clientssl
}
[root@ve11a:Active:In Sync] config tmsh list sys file ssl-cert server.crt
sys file ssl-cert server.crt {
certificate-key-size 4096
checksum SHA1:7112:924b5aee7e062690ab1adbae6d9243dcbd841ec9
create-time 2014-08-20:03:25:18
created-by root
expiration-date 1440066230
expiration-string "Aug 20 10:23:50 2015 GMT"
issuer CN=ca2013.acme.com,OU=Support,O=Acme,ST=WA,C=US
key-type rsa-public
last-update-time 2014-08-20:03:25:18
mode 33188
revision 1
serial-number 3
size 7112
subject CN=server.acme.com,OU=IT,O=Acme,ST=WA,C=US
updated-by root
version 3
}
test
[root@ve11a:Active:In Sync] config echo | openssl s_client -connect 172.28.24.10:443 2> /dev/null | openssl x509 -noout -dates
notBefore=Aug 20 10:23:50 2014 GMT
notAfter=Aug 20 10:23:50 2015 GMT