Forum Discussion

newf5learner_13
Apr 26, 2017

How to identify default ssl key used in ssl-bridging?

I have configured ssl-bridging for an application, and clients are reporting connectivity issues. I'm trying to decrypt the traffic to identify the issues. I tried to decrypt the traffic from F5 to the back-end node using the following command. However, I'm confused about which default server key I have to refer to here.

ssldump -AdenN -k  -r /var/tmp/test.pcap > /var/tmp/test_decrypt.dump

The file location /config/filestore/files_d/Common_d/certificate_key_d/ contains too many keys whose names start with 'default'.

Can someone let me know how to identify the name of the key the ssl bridging will consider in this case?

2 Replies

  • If you've got SSL Offload on the device, the key you'll want to use is the key associated with the Server SSL Profile.

     

    If the F5 isn't involved in the SSL handshake, i.e. it's SSL "Passthrough" and is a FastL4/Forwarding VIP, you won't see the SSL handshake and therefore won't be able to decrypt the packets...

     

    • newf5learner

      Hi Thomson,

      It's a standard VIP with ssl-bridging and with default server ssl profile.

      As it would be a full proxy connection.

      client <-----client ssl profile -----> F5 <------server ssl profile--------> server

      To my understanding, if the server ssl profile has no specific certificate and key attached, F5 is going to use default F5's ssl certificate and key to complete the handshake. Correct me if I'm wrong.

      As there are too many default ssl certificates and keys, I'm not able to identify which one would be used to complete ssl handshake between F5 and the server.