Need to re-enter passphrase for encrypted private keys during upgrade?

Question

Hi F5'ers,
&nbsp;I have a number of SSL profiles with encrypted passphrases.
&nbsp;Does "sol9420: Installing a UCS file containing an encrypted passphrase" (http://support.f5.com/kb/en-us/solutions/public/9000/400/sol9420.html?sr=21844137) apply to upgrades (I'm intending to go 10.2.1 on MD1.3 to 10.2.4 on MD1.1) too, or does the upgrade process some how reuse Master Key from previous MD?
&nbsp;Thanks, Alex.&nbsp;

el_jefe · Answer

Alex -  
&nbsp;  
&nbsp; I have seen this issue going from 9.x - 10.x - 11.x on different boxes, but haven't seen it going between minor versions (like 10.2.1 to 10.2.4) on the same box. I'm pretty sure they stay the same. I don't have any encrypted keys on my lab box, so I can't easily test. I would export them all just in case. Since you have multiple volumes, it makes testing somewhat easy. You can also create a new volume, load 10.2.4, and the hotfix, and it should copy the config over from 1.1, if it gives you issues use the cpcfg command to copy the config from MD1.1 
&nbsp;  
&nbsp; Hope this helps.

nitass · Answer

i do not think you will get master key issue when upgrading on the same box.

Forum Discussion

Need to re-enter passphrase for encrypted private keys during upgrade?

Recent Discussions

ports are showing open on online scanning tool

Upgrade F5 BIGIP

DNS HM Probe issue

Is XFF a must for ASM WAF DoS

Switch ssl profile based on weak cipher detection via IRULE

Related Content

Decrypt, Encrypt, Decrypt, Encrypt, Encrypt....

Let's Encrypt

Load Balancing TCP TLS Encrypted Syslog Messages

Password Safety & Security: Passwords vs. Passphrases

AS3 TLS certificate without passphrase

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS