In a custom Client SSL profile what is the purpose of the PassPhrase box?

Question

When the server guys supply certificates to us they also provide a password. The password is needed to successfully import the cert into the F5. When I build a client SSl profile for an App there is also a PassPhrase box and we enter that password in the PassPhase box. My question is do I really need to enter that password in the client ssl profile? What is it used for? The last profile I built I purposely left off the PassPhrase and the VIP still worked. Can you clarify this for me? Thanks.

kevin_stewart · Answer

When you import the cert and key, I'm assuming you do so as a p12/pfx file? That password is to unlock the pkcs12 encryption to allow the cert and key to be exported as PEM. &nbsp;
The passphrase option in the SSL profile is if the key is still encrypted (which it rarely ever is).&nbsp;

kevin_stewart · Answer

I wouldn't call it a best practice as much as a requirement, or lack thereof. If your private keys aren't encrypted and require a passphrase, then you don't need the passphrase in the SSL profile.

kevin_stewart · Answer

That's correct.&nbsp;

Forum Discussion

In a custom Client SSL profile what is the purpose of the PassPhrase box?

3 Replies

Recent Discussions

F5 Rseries HA

Error when running bigip_command Playbook against LTM : Syntax Error: unexpected argument /bin/sh\n

Can iRule be used to perform exception of IPI category based on Geolocation

Can iRule mask the payload content on event logs of security

minimum tmos software version for connect CIS (openshift)

Related Content

AS3 TLS certificate without passphrase

Password Safety & Security: Passwords vs. Passphrases

SSL Profiles

Server Profile SNI

Passphrase for cookie encryption profile