For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Ossar_178453's avatar
Ossar_178453
Icon for Altostratus rankAltostratus
Feb 03, 2015

Loading / verifying a config fails with certificate key file missing

I am trying to merge an existing config with parts of another config. They do not overlap on any objects.

tmsh load sys config file /var/tmp/merge-bigip.conf verify

Yields an error,

0107134a:3: File object by name (/Common/name_masked.key) is missing.

However, the file exists in the file system and is properly listed in the GUI. From what I have searched and read the error can be somewhat misleading. If I remove the affected config (clientssl profile object) from the to-be-merged config file the error reappears for the next key file in line to be referenced in a clientssl profile.

So this seems to be a more general error rather than a specific file is missing error. All the certificates were imported via the dump to archive (from old LB) and import from archive (in the new LB) mechanism in the GUI.

application delivery
config
deployment
LTM
merge
TMSH

3 Replies

  • StephanManthey's avatar
    StephanManthey
    Icon for Nacreous rankNacreous
    Feb 03, 2015

    Please make sure the object is not listed in WebUI with the .key or .crt extension.

    The file extension used to be hidden in WebUI. Key and cert with same name will be grouped this way.

    Try to run the following on CLI, please: 
    tmsh list sys file ssl-key
tmsh list sys file ssl-cert

    I guess you will see an output like *.key.key.

    Just re-import the relevant object without the extension and you should be fine.
  • StephanManthey's avatar
    StephanManthey
    Icon for Nacreous rankNacreous
    Feb 03, 2015

    I see you are using the "verify" syntax to validate the merge file.

    In case you want to merge additional configuration objects use the following syntax, please (without the "merge" parameter the currently running config will get lost and overwritten by the merge file´s content): 
    tmsh load sys config merge file
  • StephanManthey's avatar
    StephanManthey
    Icon for Nacreous rankNacreous
    Feb 04, 2015

    Hi Ossar,

    there is an additional option to set for verification.

    Please validate the import file as follows: 
    tmsh load sys config merge verify file /shared/importfile

    It is important to use the "merge" parameter as well to verify the import file.

    Otherwise the script probably expects it to be a complete configuration.

    So I believe your current import file is already fine. It´s just the way to test it.

    Thanks, Stephan