Closed Kainik-sk closed 10 months ago
Hi @Kainik-sk,
Which CA-file are you referring to? Trusted Certificate Authorities and Advertised Certificate Authorities in Client Authentication or CA Certificate Key Chain in SSL Forward proxy?
Have you checked the following page? https://clouddocs.f5.com/products/orchestration/ansible/devel/modules/bigip_profile_client_ssl_module.html#bigip-profile-client-ssl-module-3
Can you share the tmsh command you used?
ltm profile client-ssl test_ssl_profile { app-service none ca-file ca-bundle.crt <<< ---- refering to updating this cert-key-chain { default { cert default.crt key default.key } } defaults-from clientssl inherit-ca-certkeychain true inherit-certkeychain true }
Hi @Kainik-sk,
As explained in the following page https://clouddocs.f5.com/products/orchestration/ansible/devel/modules/bigip_profile_client_ssl_module.html#bigip-profile-client-ssl-module-3 , trusted_cert_authority is the parameter you need to specify.
Here an example.
- name: Test
hosts: all
gather_facts: false
vars:
provider:
server: "X.X.X.X"
user: "admin"
password: "mypassword"
validate_certs: no
server_port: 443
tasks:
- name: Create client SSL profile
bigip_profile_client_ssl:
state: present
name: my_profile
trusted_cert_authority: ca-bundle.crt
provider: "{{ provider }}"
delegate_to: localhost
Ah, sorry it seems I missed that. It works as expected. Thank you for pointing me in the right direction.
Could CA-file update be added to bigip_profile_client_ssl module? Only way to do it now is via command module.