Forum Discussion
2 Replies
- Stanislas_Piro2Cumulonimbus
Hi,
Mostly, I don't use create commands but create one with GUI then get the configuration with tmsh command:
list ltm profile client-ssl sslprofile ltm profile client-ssl sslprofile { app-service none cert sslprofile.ddns.net_2017-08-29.crt cert-key-chain { sslprofile.ddns.net_2017-08-29 { cert sslprofile.ddns.net_2017-08-29.crt key sslprofile.ddns.net_2017-08-29.key } } chain none defaults-from client-ssl inherit-certkeychain false key sslprofile.ddns.net_2017-08-29.key passphrase none sni-default false }
then, I modify in a text editor and load it with :
load sys config merge from-terminal
paste the text, CTRL-D and it's finished
- Ed_SummersNimbostratus
Not much different from any other object you create using TMSH. There are far too many profile options to outline here, so its best if you start the syntax then use the ? to list properties available with a short description.
If you want to create a client-ssl profile named "my_clientssl_profile" with certificate "my_profile_certkey.crt" and key "my_profile_certkey.key", use the following:
(assumes you are in TMSH...if you are in Bash, precede this with tmsh)
create ltm profile client-ssl my_clientssl_profile defaults-from clientssl cert-key-chain add { my_profile_certkey { cert my_profile_certkey.crt key my_profile_certkey.key } }
Above assumes you already have a valid certificate - key pair on the system. If you don't and just want to test this syntax, replace cert with 'default.crt' and key with 'default.key' to use the built-in self-signed certificate/key (which should not be used for production traffic).
This is a minimal profile that just sets a certificate/key pair and inherits all other defaults from the built-in clientssl profile. Other properties should be configured as needed and can be listed using the ? as stated above.
Were you having specific issues when creating a profile or just interested in general syntax?