For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

boo_radley_1114's avatar
boo_radley_1114
Icon for Nimbostratus rankNimbostratus
Sep 23, 2013

Handling self-signed certs with java and iControl

Hi folks -- I'd like to write a couple simple java classes to automate some tasks in our F5 LTM (such as enabling/disabling certain nodes).   To get started I downloaded iControlAssembly_11_3_0-Ja...
devops
iControl
Joe_Pruitt's avatar
Joe_Pruitt
Sep 23, 2013

That specific error was something we put in due to an open vulnerability in Apache Axis:

 

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5784

 

We had many customers report this to us and were unable to deploy any iControl applications unless we patched this.

 

The workaround is to create a local host entry to give a hostname to server hostname so the URL you requested in the connection matches what's in the certificate.

 

You can also attempt to find an older build of Apache Axis (or download one of the older iControl libraries for Java) and use that version of axis.jar if you are willing to accept this vulnerability in the Apache code.

 

-Joe