what is the use of Passphrase in client SSL profile ?

Question

Hi Team ,&nbsp;&nbsp;When we attach the CERT and key to client SSL profile on the F5 , there is also a Passphrase box and we enter that password in the Passphrase box. What is the use of it ? why do we need it ? Will it change anything for the client when he access the url ?&nbsp;&nbsp;&nbsp;cert ASMssl_443.crt&nbsp;chain ASMssl_443_CA.crt&nbsp;key ASMssl_443.key&nbsp;passphrase $M$jZ$w+A2n4vT617oOULB+VN1vA==

sebastiansierra · Accepted Answer

Hi Blue_whale,
You have two types of passphrases for certificates:

the first is when you upload your PEM, or PFX bundle certificate and this has a password to protect the file.
the second is when the master key is a passphrase-protected, and in this case, you have to set the passphrase in the client SSL.

So, it doesn´t change anything for the client, this is an extra security layer to protect the master key and keep it encrypted in the F5, normally if the master key is not encrypted you can export it easily if you have access to the device.
if you need more info about other SSL profile parameters please review this link:
https://my.f5.com/manage/s/article/K14783
Hope it works.

zamroni777 · Answer

adding to SebastiansierraSSL client certificate "package" contains private key (as seen as the ASMssl_443.key file in your question).the password is intended to protect that private key file.

blue_whale · Answer

thank you :)

Forum Discussion

what is the use of Passphrase in client SSL profile ?

3 Replies

Recent Discussions

Using okta as SSO to login F5 GUI

(How) can I get two client certificates in one APM session?

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Disk space full - what files, folders are safe to delete?

Converting config to DO

Related Content

AS3 TLS certificate without passphrase

Password Safety & Security: Passwords vs. Passphrases

SSL Profiles Part 8: Client Authentication

Client SSL Profile

Client vs Server SSL profile