F5Networks / f5-ansible

Imperative Ansible modules for F5 BIG-IP products
GNU General Public License v3.0

Add/update CA-file in bigip_profile_client_ssl #2386

Closed Kainik-sk closed 10 months ago

Kainik-sk commented 10 months ago

Could a CA-file update be added to the bigip_profile_client_ssl module? The only way to do it now is via the command module.

pgouband commented 10 months ago

Hi @Kainik-sk,

Which CA-file are you referring to? Trusted Certificate Authorities and Advertised Certificate Authorities in Client Authentication or CA Certificate Key Chain in SSL Forward proxy?

Have you checked the following page? https://clouddocs.f5.com/products/orchestration/ansible/devel/modules/bigip_profile_client_ssl_module.html#bigip-profile-client-ssl-module-3

Can you share the tmsh command you used?

Kainik-sk commented 10 months ago

ltm profile client-ssl test_ssl_profile {
    app-service none
    ca-file ca-bundle.crt    <<< ---- referring to updating this
    cert-key-chain {
        default {
            cert default.crt
            key default.key
        }
    }
    defaults-from clientssl
    inherit-ca-certkeychain true
    inherit-certkeychain true
}

pgouband commented 10 months ago

Hi @Kainik-sk,

As explained on the following page, https://clouddocs.f5.com/products/orchestration/ansible/devel/modules/bigip_profile_client_ssl_module.html#bigip-profile-client-ssl-module-3, trusted_cert_authority is the parameter you need to specify.

Here is an example.

- name: Test
  hosts: all
  gather_facts: false
  vars:
    provider:
      server: "X.X.X.X"
      user: "admin"
      password: "mypassword"
      # Disables TLS certificate verification of the BIG-IP management interface
      validate_certs: no
      server_port: 443

  tasks:
    - name: Create client SSL profile
      bigip_profile_client_ssl:
        state: present
        name: my_profile
        trusted_cert_authority: ca-bundle.crt
        provider: "{{ provider }}"
      delegate_to: localhost

Kainik-sk commented 10 months ago

Ah, sorry it seems I missed that. It works as expected. Thank you for pointing me in the right direction.
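
Added example, not part of the thread or of the f5-ansible project: a small parser for the `ltm profile client-ssl` stanza format quoted above, used to confirm that `ca-file` points at the CA bundle passed as `trusted_cert_authority`. The function names and sample stanzas are constructed for illustration, and treating a bare file name as living in `/Common` is an assumption.

```python
import shlex

def parse_block(tokens, i):
    """Parse 'key value' and 'key { ... }' pairs up to the matching '}'."""
    props = {}
    while i < len(tokens) and tokens[i] != "}":
        key = tokens[i]
        i += 1
        if i < len(tokens) and tokens[i] == "{":
            props[key], i = parse_block(tokens, i + 1)
        elif i < len(tokens) and tokens[i] != "}":
            props[key] = tokens[i]
            i += 1
        else:
            props[key] = None  # bare flag with no value
    return props, i + 1  # step past the closing brace

def parse_client_ssl(text):
    """Return (profile_name, properties) for one client-ssl stanza."""
    tokens = shlex.split(text)  # handles one-line and multi-line output
    start = tokens.index("{")
    header = tokens[:start]
    if header[:3] != ["ltm", "profile", "client-ssl"]:
        raise ValueError("not a client-ssl profile stanza")
    props, _ = parse_block(tokens, start + 1)
    return header[-1], props

def fq(name):
    # Assumption: a name without a partition prefix lives in /Common.
    return name if name.startswith("/") else "/Common/" + name

def check_ca_file(text, expected):
    """Return (profile, ca-file as listed, True if it matches expected)."""
    name, props = parse_client_ssl(text)
    actual = props.get("ca-file")  # None: not listed in this output
    return name, actual, actual is not None and fq(actual) == fq(expected)

# Constructed samples in the format shown in the thread.
ONE_LINE = ("ltm profile client-ssl test_ssl_profile { app-service none "
            "ca-file ca-bundle.crt cert-key-chain { default { cert default.crt "
            "key default.key } } defaults-from clientssl "
            "inherit-ca-certkeychain true inherit-certkeychain true }")
MULTI_LINE = """ltm profile client-ssl other_profile {
    ca-file none
    defaults-from clientssl
}"""

if __name__ == "__main__":
    for stanza in (ONE_LINE, MULTI_LINE):
        print(check_ca_file(stanza, "ca-bundle.crt"))
```

A `ca-file` that is not listed at all comes back as `None` and is reported as a mismatch, since the value may then be inherited from the `defaults-from` parent.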