Forum Discussion

yoni_100721's avatar
yoni_100721
Icon for Nimbostratus rankNimbostratus
Apr 22, 2014

Upgrade issues with HA devices using Device trust

So I upgraded from 11.5.0 to 11.5.0 HF2 due to HeartBleed.

 

I was running on HD1.3 with 11.5.0. I uploaded the new ISO and installed it on HD1.1 patched HF2 on HD1.1 and made it the active boot location and told it to copy over the config.

 

The system booted and config was copied over and everything was happy besides the cert that is used didn't exist so I had to blow away the trust (via CLI by editing bigip_base.conf "cm cert /Common/dtca-bundle.crt") between the 2 boxes and rebuild after the fact.

 

My question is: Is there a clean way to upgrade the system and copy over the cert so the trust doesn't need to be broken and rebuilt? or is that just part of the upgrade process?

 

  • i think i did not reset trust domain when upgrading. also, i do see dtca-bundle.crt in ucs file.

    root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) save sys ucs test.ucs
    Saving active configuration...
    /var/local/ucs/test.ucs is saved.
    
    [root@ve11a:Active:In Sync] config  tar tzvf /var/local/ucs/test.ucs |grep dtca-bundle.crt
    -rw-r--r-- root/root       1298 2014-04-08 20:26:00 var/tmp/filestore_temp/files_d/Common_d/trust_certificate_d/:Common:dtca-bundle.crt_27099_8
    
  • I don't do upgrades very often I guess reloading the UCS is a clean way of doing this.

     

    Thanks!