Forum Discussion
Jogen_Doshi_453
Nimbostratus
NimbostratusSSL Certificate Expiration Dates
We are using a BIG-IP LTM 3900 version 11.3.0, when trying to check for SSL CA certificates about to expire under System-->File Management-->SSL Certificate list. I get 2 different dates for expiry of one certificate & key pair. I am seeing the correct date under the Expiration column but when I click on the certificate the properties page that opens gives me a past date against the Expires section.
Can someone please help.
2 Replies
- nitass
Employee
it looks correct here.
e.g.
config [root@ve11a:Active:In Sync] config tmsh list ltm virtual bar ltm virtual bar { destination 172.28.24.10:443 ip-protocol tcp mask 255.255.255.255 pool foo profiles { myclientssl { context clientside } tcp { } } source 0.0.0.0/0 source-address-translation { type automap } vs-index 65 } [root@ve11a:Active:In Sync] config tmsh list ltm profile client-ssl myclientssl ltm profile client-ssl myclientssl { app-service none cert-key-chain { server { cert server.crt chain chain.crt key server.key } } defaults-from clientssl } [root@ve11a:Active:In Sync] config tmsh list sys file ssl-cert server.crt sys file ssl-cert server.crt { certificate-key-size 4096 checksum SHA1:7112:924b5aee7e062690ab1adbae6d9243dcbd841ec9 create-time 2014-08-20:03:25:18 created-by root expiration-date 1440066230 expiration-string "Aug 20 10:23:50 2015 GMT" issuer CN=ca2013.acme.com,OU=Support,O=Acme,ST=WA,C=US key-type rsa-public last-update-time 2014-08-20:03:25:18 mode 33188 revision 1 serial-number 3 size 7112 subject CN=server.acme.com,OU=IT,O=Acme,ST=WA,C=US updated-by root version 3 } test [root@ve11a:Active:In Sync] config echo | openssl s_client -connect 172.28.24.10:443 2> /dev/null | openssl x509 -noout -dates notBefore=Aug 20 10:23:50 2014 GMT notAfter=Aug 20 10:23:50 2015 GMT - boneyard
MVP
is it a huge difference or just a rounding issue?
anyway this feels something to report to F5 support, might be a known bug or such.
