F5 - eekbot/public GitHub Wiki

Decrypting An Encrypted TCP Dump

ssldump -AdenN -r /path/to/the/capture01.pcap -k /config/ssl/ssl.key/beta.example.fis.com_2015.key >> /var/tmp/clientside.txt

Checking CSR Information

openssl req -in /config/ssl/ssl.csr/icmtest.fnfg.com.csr -noout -text
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: C=US, ST=New York, L=LockPort, O=First Niagara Bank,N.A., OU=First Niagara Financial Group, CN=qa-cms.firstniagara.com

Troubleshooting Commands

# ping 10.0.0.2%10
PING 10.0.0.2%10(10.0.0.2%10) 56 data bytes
64 bytes from 10.0.0.2%10: icmp_seq=0 ttl=64 time=2.67 ms
64 bytes from 10.0.0.2%10: icmp_seq=1 ttl=64 time=0.993 ms

Debug Commands

To enable SSL debug logging:
tmsh modify /sys db log.ssl.level value debug

To turn it off:
tmsh modify /sys db log.ssl.level value Warning

To log TCP reset causes:
tmsh modify /sys db tm.rstcause.pkt value enable

To turn it off:
tmsh modify /sys db tm.rstcause.pkt value disable

Restarting the Web Service

v10:
# bigstart restart tomcat4
# bigstart restart httpd

v11:
(tmos)# restart /sys service tomcat 
(tmos)# restart /sys service httpd