Forum Discussion

dragonflymr's avatar
dragonflymr
Icon for Cirrostratus rankCirrostratus
Mar 17, 2015

CA and Identity certs locations

Hi,

 

According to for example SOL13946locations for mentioned certs are:

 

  • /config/ssl/ssl.crt/dtdi.crt - Identity
  • /config/ssl/ssl.crt/dtca.crt - CA

I checked this location on Active unit of Active/Standby pair (11.2.0). No such files there.

 

However I was able to find this files (or instances?) in /config/filestore/files_d/Common_d/trust_certificate_d/:

 

  • :Common:dtdi.crt_26612_1 - Identity
  • :Common:dtca.crt_26603_1 - CA

On Standby unit certs are in location specified by SOL. I was nor t able to find any info about this movement of certs on Active - is that by design for HA pair?

 

Piotr

 

application delivery
deployment
LTM
TMOS
TMSH

9 Replies

  • dragonflymr's avatar
    dragonflymr
    Icon for Cirrostratus rankCirrostratus
    Mar 17, 2015
    Seems that it's not state of the device (Active/Standby) that is responsible for different location of certs. After failover nothing changed, only former Standby have certs in location specified by SOL as well as location I mentioned for former Active. So I am puzzled why there are no certs in location specified by SOL on one device but they are on another. Piotr
  • nitass_89166's avatar
    nitass_89166
    Icon for Noctilucent rankNoctilucent
    Mar 17, 2015

    i understand we are using the one in filestore but i do not remember where i have read. :)

     

    • dragonflymr's avatar
      dragonflymr
      Icon for Cirrostratus rankCirrostratus
      Mar 17, 2015
      Hmm, so sol is wrong about locations? HA is working without issue, trust can be removed and created but on one device there are no certs in location specified by sol - I ma curious what was the reason for removing certs from would be "default" location. Piotr
    • nitass_89166's avatar
      nitass_89166
      Icon for Noctilucent rankNoctilucent
      Mar 17, 2015
      i understand it is changed to support introducing of filestore.
    • dragonflymr's avatar
      dragonflymr
      Icon for Cirrostratus rankCirrostratus
      Mar 17, 2015
      OK, I found some references, it's pity that there is no explanation of changes in DSC docs. Piotr
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Mar 17, 2015

    i understand we are using the one in filestore but i do not remember where i have read. :)

     

    • dragonflymr's avatar
      dragonflymr
      Icon for Cirrostratus rankCirrostratus
      Mar 17, 2015
      Hmm, so sol is wrong about locations? HA is working without issue, trust can be removed and created but on one device there are no certs in location specified by sol - I ma curious what was the reason for removing certs from would be "default" location. Piotr
    • nitass's avatar
      nitass
      Icon for Employee rankEmployee
      Mar 17, 2015
      i understand it is changed to support introducing of filestore.
    • dragonflymr's avatar
      dragonflymr
      Icon for Cirrostratus rankCirrostratus
      Mar 17, 2015
      OK, I found some references, it's pity that there is no explanation of changes in DSC docs. Piotr