How to create ssl-client profile via cli

Hi,

Mostly, I don't use create commands but create one with GUI then get the configuration with tmsh command:

list ltm profile client-ssl sslprofile 
ltm profile client-ssl sslprofile {
    app-service none
    cert sslprofile.ddns.net_2017-08-29.crt
    cert-key-chain {
        sslprofile.ddns.net_2017-08-29 {
            cert sslprofile.ddns.net_2017-08-29.crt
            key sslprofile.ddns.net_2017-08-29.key
        }
    }
    chain none
    defaults-from client-ssl
    inherit-certkeychain false
    key sslprofile.ddns.net_2017-08-29.key
    passphrase none
    sni-default false
}

then, I modify in a text editor and load it with :

load sys config merge from-terminal

paste the text, CTRL-D and it's finished

Not much different from any other object you create using TMSH. There are far too many profile options to outline here, so its best if you start the syntax then use the ? to list properties available with a short description.

If you want to create a client-ssl profile named "my_clientssl_profile" with certificate "my_profile_certkey.crt" and key "my_profile_certkey.key", use the following:

(assumes you are in TMSH...if you are in Bash, precede this with tmsh)

create ltm profile client-ssl my_clientssl_profile defaults-from clientssl cert-key-chain add { my_profile_certkey { cert my_profile_certkey.crt key my_profile_certkey.key } }

Above assumes you already have a valid certificate - key pair on the system. If you don't and just want to test this syntax, replace cert with 'default.crt' and key with 'default.key' to use the built-in self-signed certificate/key (which should not be used for production traffic).

This is a minimal profile that just sets a certificate/key pair and inherits all other defaults from the built-in clientssl profile. Other properties should be configured as needed and can be listed using the ? as stated above.

Were you having specific issues when creating a profile or just interested in general syntax?