For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

t-roy's avatar
t-roy
Icon for Nimbostratus rankNimbostratus
Nov 14, 2012

SSL and Cert keystore in V11

Where did they move this to in V11? In v10 it was in /config/ssl.key and ssl.crt  
security
Wire's avatar
Wire
Dec 05, 2012
Hi Aaron,

 

 

Do you know if there is any particular logic to the new naming convention used?

 

 

For example, why are the directories appended with "_d"?

 

Why are they using colons ":" in the file names which means that I need to escape them when scp-ing, mv, openssl etc.

 

If the files are in "Common_d" why rename the files at all to contain ":Common:"?

 

 

Also in the bigip.conf and when creating an scf there is a sys file entry which now contain the following:

 

 

sys file ssl-cert /Common/my.domain.local.crt {

 

cache-path /config/filestore/files_d/Common_d/certificate_d/:Common:my.domain.local.crt_1

 

revision 1

 

}

 

 

sys file ssl-key /Common/my.domain.local.key {

 

cache-path /config/filestore/files_d/Common_d/certificate_key_d/:Common:my.domain.local.key_1

 

revision 1

 

source-path /config/ssl/ssl.key/my.domain.local.key

 

}

 

 

the cache-path seems to imply that this is the location for a copy of the file, but that doesn't seem to be the case. It's poorly documented in the tmsh ref guide.

 

 

the source-path points to a file that does not exist at all.

 

 

Any input appreciated.