For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Jean-Francois_7's avatar
Jean-Francois_7
Icon for Nimbostratus rankNimbostratus
Jul 20, 2012

Expire Certificate issue

Hi all,

 

 

The certificate defautl in the LTM in SSL certicate list had expired. I renewed the certificate default to 9125 days.

 

When I return to the menu of all the certificates, the date is expired but if I validate the certificate, there is a new date.

 

I do the following command and I see the new date

 

openssl x509-in / config / ssl / ssl.crt / default.crt-noout-enddate | cut-c10-40 .....

 

I wanted to delete the file / config / ssl / ssl.crt / default.crt but it is used in templates

 

We use the V11.2

 

Does anyone has had this problem

 

Cheers

 

Jean-Francois

 

config
design

3 Replies

  • Techgeeeg's avatar
    Techgeeeg
    Icon for Nimbostratus rankNimbostratus
    Jul 20, 2012
    Have to tried to rename this file instead of deleting it and rename the other file as default.crt....
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Jul 20, 2012
    yes, i got it too. it is similar to sol13381 but modify file ssl-cert command is not working. if no one else here knows or has any idea, could you please open a support case?

    sol13381: The 'tmsh install sys crypto cert' command fails when you attempt to install a renewed SSL certificate

    http://support.f5.com/kb/en-us/solutions/public/13000/300/sol13381 

    [root@ve11a:Active:Changes Pending] config  openssl x509 -in /config/ssl/ssl.crt/default.crt -dates -noout
notBefore=Jul 20 16:55:40 2012 GMT
notAfter=Jul 20 16:55:40 2013 GMT

root@(ve11a)(cfg-sync Changes Pending)(Active)(/Common)(tmos) list sys crypto cert default.crt
sys crypto cert default.crt {
    certificate-key-size 2048
    city Seattle
    common-name localhost.localdomain
    country US
    email-address root@localhost.localdomain
    expiration Jun 28 15:21:16 2022 GMT
    organization MyCompany
    ou IT
    state WA
    subject-alternative-name
}

root@(ve11a)(cfg-sync Changes Pending)(Active)(/Common)(tmos) list sys file ssl-cert default.crt
sys file ssl-cert default.crt {
    certificate-key-size 2048
    checksum SHA1:1334:4c5fe8d2d4006c3a02be05242218f401cd601ad5
    create-time 2012-06-30:16:07:12
    created-by root
    email root@localhost.localdomain
    expiration-date 1656429676
    expiration-string "Jun 28 15:21:16 2022 GMT"
    issuer emailAddress=root@localhost.localdomain,CN=localhost.localdomain,OU=IT,O=MyCompany,L=Seattle,ST=WA,C=US
    key-type rsa-public
    last-update-time 2012-06-30:16:07:12
    mode 33188
    revision 1
    serial-number 911
    size 1334
    subject emailAddress=root@localhost.localdomain,CN=localhost.localdomain,OU=IT,O=MyCompany,L=Seattle,ST=WA,C=US
    system-path /config/ssl/ssl.crt/default.crt
    updated-by root
    version 3
}

root@(ve11a)(cfg-sync Changes Pending)(Active)(/Common)(tmos) modify sys file ssl-cert default.crt source-path file:/var/tmp/default.crt
Copying file "file:/var/tmp/default.crt" ...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
101  1216  101  1216    0     0  5185k      0 --:--:-- --:--:-- --:--:--     0
01070712:3: Caught configuration exception (0), Access check failed for (/Common/default.crt). - sys/validation/FileObject.cpp, line 3095.
  • David__Pasch's avatar
    David__Pasch
    Icon for Altostratus rankAltostratus
    Jul 29, 2015

    I recently had this issue and had to force a reload of mcpd to resolve it. sol13030 can show you how to do this.

     

    Hope it helps!

     

    David