Forum Discussion
NimbostratusError reading key PEM file: bad password read
After upgrading to 11.6 HF5 on our LTM I'm no longer able to ciphers on my client side SSL profiles. When I try to do this I receive error:
01070313:3: Error reading key PEM file /config/filestore/files_d/Common_d/certificate_key_d/:Common:key name here for profile /Common/profile name here: error:0906A068:PEM routines:PEM_do_header:bad password read
Before the upgrade I reordered the ciphers on all my profiles so that the strongest ciphers in 10.2 were used first. Now that the upgrade is done I'm trying to reorder them with the new ciphers available in 11.6.
Any help is greatly appreciated.
3 Replies
PeteWhiteEmployee
Have you tried uploading the key again? I have seen this before where the key has a password set and the unit master key has changed ( f5mku -K ).
Root44Altostratus
1) Did you upload the key via GUI? if yes,then was it in the expected format? 2) Check the passphrase again.
Let me know if you need help. I've been through this multiple times.
StephanMantheyNacreous
If your private key is protected by passphrase you can try to restore the master key as recommended by Pete.
But you can enter a cleartext passphrase into your /config/bigip.conf in the context of the affected client-ssl profile as well to replace the current encyrpted passphrase proteced by the master key (the one with $M$ prefix). Now reload the configuration by entering:tmsh load sys configIf it loads properly you can save it afterwards:
tmsh save sys config
