For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

computerli's avatar
computerli
Icon for Altostratus rankAltostratus
May 17, 2018

Firmware update removed private certificate from ca-bundle

On my test VM, I added certificate from my internal CA to the ca-bundle and it looked fine. I updated the firmware from BIGIP-13.1.0.2 to BIGIP-13.1.0.6

 

After the update the certificate from my internal CA is no longer in the ca-bundle. Is this the default behavior?

 

application delivery
LTM

2 Replies

  • Samir_Jha_52506's avatar
    Samir_Jha_52506
    Icon for Noctilucent rankNoctilucent
    May 18, 2018

    I suspect, its compatibility things in internal CA. Which couldn't compile in latest version, So F5 firmware removed particular certificate. Can you please re-add internal CA in "ca-bundle" and load the configuration and see the logs.

    So far we have observed few Bugs in BIGIP-13.1.0.6 and F5 confirmed the same. One of the Bug 

    ID 705442
    .

  • Stanislas_Piro2's avatar
    Stanislas_Piro2
    Icon for Cumulonimbus rankCumulonimbus
    May 18, 2018

    After the update the certificate from my internal CA is no longer in the ca-bundle. Is this the default behavior?

     

    It is not recommended to edit default objects in BigIP. this can cause issues during upgrades.

     

    If you want to add a CA in ca-bundle, create your own and add both internal CA and ca-bundle certificates.

     

    The problem is F5 provides Certificate authorities bundle upgrades which may be included in upgrade packages. the last one was released on 04/16/2018 and 13.1.0.6 was released on 04/30/2018...