NimbostratusDoes anyone know how to disable SSL for the REST API virtual host? I've looked through the tmsh and the httpd.conf and cannot seem to find a way to allow HTTP for testing. I'd like to perform packet captures during API integration testing without the SSL turned on.
CirrostratusNot possible I'm afraid. It's not too hard to decrypt the packet capture data though as you've access to the private key on the box. Let me know if you need help with that.
NimbostratusYes, I tried decrypting the SSL packet data with no luck. Any assistance in doing that would be greatly appreciated. I'm using RSA keys, not DH, but still couldn't get the decryption to work in Wireshark.
CirrostratusWhat private key did you use? The one here: /config/httpd/conf/server.key? I'm pretty sure that's the one that's used.
Regarding Wireshark, have a look through this and make sure all is well with what you are doing before we go further: http://packetpushers.net/using-wireshark-to-decode-ssltls-packets/
NimbostratusYeah, that's the challenge. I tried these methods all ready using the /config/httpd/conf/server.key file but it would not decrypt the traffic. My guess is that is not the key being used. I installed my own certificate on the F5, not the self-signed cert.
CirrostratusOK, well I assume you can see the certificate the F5 supplies in the packet capture at least? What the common name you see there, this might help us track down the right key.
CirrostratusJust testing using traditional iControl over SOAP and tcpdump, the /config/httpd/conf/server.crt certificate was definitely supplied.