Forum Discussion

Jean-Francois_7's avatar
Jean-Francois_7
Icon for Nimbostratus rankNimbostratus
Jul 20, 2012

Expire Certificate issue

Hi all,     The certificate defautl in the LTM in SSL certicate list had expired. I renewed the certificate default to 9125 days.   When I return to the menu of all the certificates, the...
config
design
nitass's avatar
nitass
Icon for Employee rankEmployee
Jul 20, 2012
yes, i got it too. it is similar to sol13381 but modify file ssl-cert command is not working. if no one else here knows or has any idea, could you please open a support case?

sol13381: The 'tmsh install sys crypto cert' command fails when you attempt to install a renewed SSL certificate

http://support.f5.com/kb/en-us/solutions/public/13000/300/sol13381 

[root@ve11a:Active:Changes Pending] config  openssl x509 -in /config/ssl/ssl.crt/default.crt -dates -noout
notBefore=Jul 20 16:55:40 2012 GMT
notAfter=Jul 20 16:55:40 2013 GMT

root@(ve11a)(cfg-sync Changes Pending)(Active)(/Common)(tmos) list sys crypto cert default.crt
sys crypto cert default.crt {
    certificate-key-size 2048
    city Seattle
    common-name localhost.localdomain
    country US
    email-address root@localhost.localdomain
    expiration Jun 28 15:21:16 2022 GMT
    organization MyCompany
    ou IT
    state WA
    subject-alternative-name
}

root@(ve11a)(cfg-sync Changes Pending)(Active)(/Common)(tmos) list sys file ssl-cert default.crt
sys file ssl-cert default.crt {
    certificate-key-size 2048
    checksum SHA1:1334:4c5fe8d2d4006c3a02be05242218f401cd601ad5
    create-time 2012-06-30:16:07:12
    created-by root
    email root@localhost.localdomain
    expiration-date 1656429676
    expiration-string "Jun 28 15:21:16 2022 GMT"
    issuer emailAddress=root@localhost.localdomain,CN=localhost.localdomain,OU=IT,O=MyCompany,L=Seattle,ST=WA,C=US
    key-type rsa-public
    last-update-time 2012-06-30:16:07:12
    mode 33188
    revision 1
    serial-number 911
    size 1334
    subject emailAddress=root@localhost.localdomain,CN=localhost.localdomain,OU=IT,O=MyCompany,L=Seattle,ST=WA,C=US
    system-path /config/ssl/ssl.crt/default.crt
    updated-by root
    version 3
}

root@(ve11a)(cfg-sync Changes Pending)(Active)(/Common)(tmos) modify sys file ssl-cert default.crt source-path file:/var/tmp/default.crt
Copying file "file:/var/tmp/default.crt" ...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
101  1216  101  1216    0     0  5185k      0 --:--:-- --:--:-- --:--:--     0
01070712:3: Caught configuration exception (0), Access check failed for (/Common/default.crt). - sys/validation/FileObject.cpp, line 3095.