Firmware update removed private certificate from ca-bundle

Question

On my test VM, I added certificate from my internal CA to the ca-bundle and it looked fine. I updated the firmware from BIGIP-13.1.0.2 to BIGIP-13.1.0.6&nbsp;
After the update the certificate from my internal CA is no longer in the ca-bundle. Is this the default behavior? &nbsp;

samir_jha_52506 · Answer

I suspect, its compatibility things in internal CA. Which couldn't compile in latest version, So F5 firmware removed particular certificate. Can you please re-add internal CA in "ca-bundle" and load the configuration and see the logs.
So far we have observed few Bugs in BIGIP-13.1.0.6 and F5 confirmed the same. One of the Bug ID 705442.

stanislas_piro2 · Answer

After the update the certificate from my internal CA is no longer in the ca-bundle. Is this the default behavior?&nbsp;

It is not recommended to edit default objects in BigIP. this can cause issues during upgrades.&nbsp;
If you want to add a CA in ca-bundle, create your own and add both internal CA and ca-bundle certificates.&nbsp;
The problem is F5 provides Certificate authorities bundle upgrades which may be included in upgrade packages. the last one was released on 04/16/2018 and 13.1.0.6 was released on 04/30/2018...&nbsp;

Forum Discussion

Firmware update removed private certificate from ca-bundle

Recent Discussions

SNI Sites not taking correct certificate.

How to Renew F5 Device Certificate

irule to enable http/2 acceleration

Service discovery is not happening in AS3

How to implement LTM forward proxy client to determine the diversion pool based on the domain name

Related Content

Creating, Importing and Assigning a CA Certificate Bundle

Automating ACMEv2 Certificate Management on BIG-IP

Help F5 Transform the BIG-IP Administrator Certification

Re: Management Certificate

Automate Let's Encrypt Certificates on BIG-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS