Forum Discussion

MW1's avatar
MW1
Icon for Cirrus rankCirrus
Jan 24, 2017

How to delete parent profiles without losing settings

All, Does anyone know of a way to delete a parent profile without first having to unlink the child profiles?

 

Over the years we have made the mistake of creating new clientssl profiles, particularly with the SHA2 certificate upgrade and now have a number of expired certificates on our F5 devices. I cannot delete them as they are tied to the clientssl profiles which I cannot delete as they are linked as parent profiles to other clientssl profiles which are live (i.e. using non-expired ssl certificates).

 

Is there anyway to unlink them without loosing the settings etc, as I presume the only way is to change them to be linked to the default clientssl profile but want to keep the custom settings (e.g. the cipher list) which I presume will be immediately changed to the new parent one.

 

thanks

 

1 Reply

  • You can get all settings in the clientssl profile (individual settings as well as those iherited from the parent) by running

    "tmsh list ltm profile client-ssl  all-properties"
    . With those settings, you can recreate them with all their current settings (omitting the defaults-from option and chosing a new name for it) without changing any setting. Then you can unbind the original clientssl profile from the virtual and replace it with the new one, which will become active for all subsequent connections. In a last step, all "old" profiles can be deleted, the old parent being the last one.

    HTH

    Martin