Forum Discussion

RemcoAA
Jun 27, 2024

gtm_add failing due to CERT error

I am trying to cluster two GTM devices using the gtm_add command, but this is failing with this error:

ERROR: found "END CERT..." without BEGIN at line: 0.
ERROR: Malformed certificates found in local /config/httpd/conf/ssl.crt/server.crt.

But when I check the mentioned file it looks like a valid certificate:


more /config/httpd/conf/ssl.crt/server.crt

Also via the browser the correct certificate is shown.


Any suggestions on what the problem could be?

5 Replies

  • Hi,

    TCP port 22 is open and we are using certificates signed by our Internal CA and these are working fine via the browser.

    I also got the feeling this error happens before even an attempt is made to connect to the other device.

    I am running v17.1.1.3

    • zamroni777

      please try "openssl x509 -in /config/httpd/conf/ssl.crt/server.crt -text -noout" to verify the cert.

      also see the "Signature Algorithm" in the output.
      it should not be sha1

      • RemcoAA

        the openssl command gives:


        Signature Algorithm: sha256WithRSAEncryption



    Running the gtm_add script

    Before you start this task, you must determine the self IP address of a DNS system in the BIG-IP DNS synchronization group to which you want to add another BIG-IP DNS.

    You run the 


     script on the BIG-IP DNS system you are adding to your network to acquire the configuration settings from a BIG-IP DNS system that is already installed on your network. For additional information about running the script, see SOL13312 on (


    The BIG-IP DNS and other BIG-IP systems must have TCP port 


     open between the systems for the script to work. You must perform this task from the command-line interface.
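
For the `found "END CERT..." without BEGIN` error in the original question, the following is an added example (not from the thread and not part of gtm_add or any F5 tooling) that checks a PEM file for bytes a pager such as `more` does not display. It assumes, without confirmation from the thread, that a strict parser only accepts marker lines that are exactly `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----`; the function names and the sample file are constructed for illustration.

```shell
#!/bin/bash
# pem_check FILE: strict structural check of a PEM certificate file.
# Added example; hypothetical helper, not the parser gtm_add uses.
# Usage: pem_check /config/httpd/conf/ssl.crt/server.crt
pem_check() {
    LC_ALL=C awk '
    function report(msg) { printf "line %d: %s\n", NR, msg; bad++ }
    # A UTF-8 byte order mark (EF BB BF) is invisible in most pagers and editors.
    NR == 1 && index($0, "\357\273\277") == 1 { report("UTF-8 byte order mark at start of file") }
    # CRLF line endings leave a carriage return at the end of every line.
    /\r$/ { report("carriage return (CRLF line ending)"); sub(/\r$/, "") }
    # A marker with extra bytes or spacing is not accepted as a marker at all.
    /BEGIN CERT|END CERT/ && $0 !~ /^-----(BEGIN|END) CERTIFICATE-----$/ {
        report("marker line has extra bytes or spacing"); next
    }
    /BEGIN CERT/ { if (inblk) report("BEGIN inside an open block"); inblk = 1; next }
    /END CERT/ { if (inblk) certs++; else report("END without BEGIN"); inblk = 0; next }
    END {
        if (inblk) { print "end of file: BEGIN without END"; bad++ }
        printf "%d certificate block(s), %d problem(s)\n", certs, bad
        exit (bad > 0)
    }' "$1"
}

# Constructed sample (not a real certificate): a BOM in front of the BEGIN
# marker plus CRLF line endings. Displayed in a pager it looks well formed.
demo_sample() {
    printf '\357\273\277-----BEGIN CERTIFICATE-----\r\nQ09OU1RSVUNURUQ=\r\n-----END CERTIFICATE-----\r\n'
}
```

On the constructed sample the BOM makes the first line fail the exact-marker test, so the later END line is reported as `END without BEGIN` even though both markers are visible on screen.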