Wth is wrong with this board? I can't even edit posts decently... Anyway, this is the correct bugfix:
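#!/bin/sh
#
# Refresh the CRL stored in the BIG-IP ssl-crl file object "demo.crl":
# download the current CRL, load it with tmsh, then sync the configuration
# to the device group. Only the active unit does the work; a standby unit
# exits without touching anything.
#
# HOSTNAME and CLUSTERNAME are placeholders from the original post; replace
# them with the CRL server name and the device group name.
#
# NOTE:
# - Remember that you need to manually import a CRL file through the GUI with
#   the same name as the one used by this script FIRST, otherwise the config
#   'touch' will fail. Load it through Local Traffic -> SSL Certificate List.
# - The CRL is fetched over plain HTTP, so the transport gives no integrity
#   protection. This script only checks that the download parses as a CRL;
#   it does not verify the CRL signature against the issuing CA.
#
# Exit status: 0 on success or on a standby unit, 1 on any failure.

TMSH="/usr/bin/tmsh"

if [ ! -e "$TMSH" ]; then
  echo "tmsh not found"
  exit 1
fi

TMPFILE=$(/bin/mktemp) || { echo "Failed to create temp file. Exiting"; exit 1; }

# Remove the temp file on every exit path, including signals, so a failed
# run does not leave downloaded data behind.
trap 'rm -f -- "$TMPFILE"' EXIT
trap 'exit 1' HUP INT TERM

STATUS=$("$TMSH" show sys failover)

case "$STATUS" in
  *active*)
    echo "Active F5: Continuing..."
    ;;
  *standby*)
    echo "Standby F5: Exiting."
    # The message says "Exiting": stop here so the standby unit never
    # modifies the CRL or starts a config-sync.
    exit 0
    ;;
  *)
    echo "Unknown status: Exiting."
    exit 1
    ;;
esac

# -f makes curl return non-zero on HTTP errors instead of saving the error page.
if ! /usr/bin/curl -f -o "$TMPFILE" -H 'Host: HOSTNAME' -g http://HOSTNAME/demo.crl; then
  echo "Error getting CRL file. Exiting."
  exit 1
fi

if [ -f "$TMPFILE" ] && [ -s "$TMPFILE" ]; then
  # Refuse to load anything that is not a CRL (for example an HTML page
  # served with status 200). PEM or DER is accepted; this is a parse check
  # only, not a signature check.
  if ! openssl crl -in "$TMPFILE" -noout >/dev/null 2>&1 &&
     ! openssl crl -inform der -in "$TMPFILE" -noout >/dev/null 2>&1; then
    echo "Downloaded file is not a valid CRL. Exiting."
    exit 1
  fi

  # convert the CRL from DER to PEM - ONLY IF NEEDED, my CRL was in PEM
  # format already from above. These lines operate on demo.crl in the
  # current directory; adapt them to "$TMPFILE" before enabling them.
  # openssl crl -inform der -in demo.crl -out demo.pem
  # rm demo.crl
  # mv demo.pem demo.crl

  if "$TMSH" modify /sys file ssl-crl demo.crl source-path "file:$TMPFILE"; then
    # Report a failed sync instead of exiting 0 with peers still on the old CRL.
    if ! "$TMSH" run /cm config-sync to-group /Common/CLUSTERNAME; then
      echo "config-sync failed. Exiting."
      exit 1
    fi
  else
    echo "crl upload fail. Exiting."
    exit 1
  fi
else
  echo "No crl file found or crl file empty. Exiting."
  exit 1
fi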