Why F5 don't show the expired certificate in ca-bundle

Question

I run command "tmsh run sys crypto check-cert" on my test F5 but it don't show the expired certificate in ca-bundle. F5 still show other expired certificate. In the ca-bundle have the expired certificate that I check via GUI. &nbsp;
But I run same command on other F5, it show all the expired certificate include the expired certificate in ca-bundle.&nbsp;
Why the F5 didn't show the expired certificate in ca-bundle?&nbsp;
Thank you&nbsp;

samir_jha_52506 · Answer

Bundle certificate is combined of multiple certificates &amp; it only display live certificate validity. Though GUI you can see certificate in Drop down list &amp; it will show expiry date.&nbsp;
LTM log will show the expire certificate details. Please correct me.&nbsp;

shaun_simmons1 · Answer

tmsh run sys crypto check-cert --Only checks the FIPS module. Your CA bundle is not "saved" on your FIPS module. Therefore, you have to use the GUI to check the bundle, by clicking on it and reviewing what it contains.; also since it is not an individual cert, the GUI will not show which Certs in the bundle are expired, since a bundle is a layered cert list.

Forum Discussion

Why F5 don't show the expired certificate in ca-bundle

2 Replies

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

F5 Networks F5CAB1 Exam - Need Help Regarding Prep

Username is not filled in EdgeClient in the Modern customization

The GSLB pool is providing an incorrect IP to end users

iRule causing requests to be duplicated (sometimes)

Cisco TACACS+ Config on ISE LTM Pair

Related Content

Creating, Importing and Assigning a CA Certificate Bundle

LTM Certificate expire

Automating Certificate Management on F5 BIG-IP

CheckMk F5 Certificate Expiration using SNMP

Certificate Automation for BIG-IP using CyberArk Certificate Manager, Self-Hosted

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS