Forum Discussion
NimbostratusCSR lost keys recovery
Still getting my feet under the F5 table moving from Cisco CSS and ACE. I was asked to generate a CSR. Done, customer sent off and got his cert back. I backed up the LTM and down loaded the .ucs. The LTM[s] got a factory reset. I rebuilt the config manually. The customer sent me the cert_name.cer to be loaded. HORRORS ...there is no key on the LTM for it. Is there any way of recovering the key generated during the CSR either off the LTM or from the ucs. I have opened the ucs file and I can see the information i used to gen the key - but no key details.
Thanks in advance
5 Replies
uniAltocumulus
Open the ucs file with 7zip or similar. Look in /var/tmp/filestore_temp/files_d/Common_d/certificate_key_d/ Your key will be there (unless you put it in a partition other than Common), named something like :Common:mycert.key_1234_1
artl2377_166103Thanks - i found the above /var/t.... and i find references to the csr i generated but nowhere do i see anything that looks like a key [ie ----BEGIN KEY--- ] that matches any words i used in the csr. Am i missing something ?
Cheers for your help :)
- uni
It was there for me. Did you specify to include private keys when you created the ucs (the default behaviour)?
[root@f5:ModuleNotLicensed:Active:Standalone] ucs tar tvf test-backup.ucs |grep test-certificate -rw-r--r-- root/apache 1708 2014-12-09 10:40:57 var/tmp/filestore_temp/files_d/Common_d/certificate_key_d/:Common:test-certificate.key_48614_1 -rw-r--r-- root/apache 1216 2014-12-09 10:40:58 var/tmp/filestore_temp/files_d/Common_d/certificate_d/:Common:test-certificate.crt_48617_1 - artl2377_166103
OK so it looks like the SSL stuff was not backed up. i have the cert, I have CSR that was generated. Can I get the key from the CSR and import it into the LTm ?
- uni
No. The CSR only has the public key. Time to get on to your CA and ask if they'll sign a certificate with new keys.
