Need to re-enter passphrase for encrypted private keys during upgrade?

Question

Hi F5'ers,
&nbsp;I have a number of SSL profiles with encrypted passphrases.
&nbsp;Does "sol9420: Installing a UCS file containing an encrypted passphrase" (http://support.f5.com/kb/en-us/solutions/public/9000/400/sol9420.html?sr=21844137) apply to upgrades (I'm intending to go 10.2.1 on MD1.3 to 10.2.4 on MD1.1) too, or does the upgrade process some how reuse Master Key from previous MD?
&nbsp;Thanks, Alex.&nbsp;

el_jefe · Answer

Alex -  
&nbsp;  
&nbsp; I have seen this issue going from 9.x - 10.x - 11.x on different boxes, but haven't seen it going between minor versions (like 10.2.1 to 10.2.4) on the same box. I'm pretty sure they stay the same. I don't have any encrypted keys on my lab box, so I can't easily test. I would export them all just in case. Since you have multiple volumes, it makes testing somewhat easy. You can also create a new volume, load 10.2.4, and the hotfix, and it should copy the config over from 1.1, if it gives you issues use the cpcfg command to copy the config from MD1.1 
&nbsp;  
&nbsp; Hope this helps.

nitass · Answer

i do not think you will get master key issue when upgrading on the same box.

Forum Discussion

Need to re-enter passphrase for encrypted private keys during upgrade?

2 Replies

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Could not communicate with the system. Try to reload page.

CVE mitigation on F5 XC vs classic F5 WAF

F5 XC 503 upstream_reset_before_response_started{protocol_error}

UCS Encryption Question

BIG-IP VE: 40G Throughput from 4x10G physical NICs

Related Content

Decrypt, Encrypt, Decrypt, Encrypt, Encrypt....

Let's Encrypt

Encrypted UCS Backup with REST-API

Automate Let's Encrypt Certificates on BIG-IP

Password Safety & Security: Passwords vs. Passphrases

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS