Bug ID 1110949: Updating certKeyChain of parent SSL profile using iControl does not change the cert and key outside certKeyChain of the child profile

Last Modified: Apr 17, 2024

Affected Product(s):
BIG-IP LTM (all modules)

Known Affected Versions:
15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2, 15.1.9, 15.1.9.1, 15.1.10, 15.1.10.2, 15.1.10.3, 15.1.10.4, 17.0.0, 17.0.0.1, 17.0.0.2

Opened: May 30, 2022

Severity: 3-Major

Symptoms

Invalid config after iControl call: the certificate and key of the child profile do not change as expected.

Impact

1. The child profile has an incorrect configuration.
2. The older certificate and key cannot be deleted because they are still in use in the child profile.

Conditions

1. The SSL profile inherits its defaults from a parent profile.
2. iControl REST is used to change the certKeyChain of the parent profile.
3. The issue does not appear after the first call, but from the second call onward it is always reproducible.

Workaround

Use the currently deprecated iControl call, which sets key and cert instead of certKeyChain, as follows:

    curl -k -u admin:admin -H "Content-Type: application/json" -X PATCH https://10.155.75.246/mgmt/tm/ltm/profile/client-ssl/parent.example.com -d '{"key":"/Common/default.key","cert":"/Common/default.crt"}'
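
To find child profiles left in the state described under Symptoms, the following added example (not F5 code) compares each child's top-level cert/key with its own certKeyChain. It assumes the profile JSON carries the fields fullPath, defaultsFrom, cert, key and certKeyChain; the sample data and the function name find_stale_children are constructed for illustration.

```python
import json

# Constructed sample shaped like the "items" of a GET on
# /mgmt/tm/ltm/profile/client-ssl. Field names are assumed; paths are made up.
SAMPLE = json.loads("""
[
 {"fullPath": "/Common/parent.example.com", "defaultsFrom": "/Common/clientssl",
  "cert": "/Common/new.crt", "key": "/Common/new.key",
  "certKeyChain": [{"name": "new", "cert": "/Common/new.crt", "key": "/Common/new.key"}]},
 {"fullPath": "/Common/child-stale", "defaultsFrom": "/Common/parent.example.com",
  "cert": "/Common/old.crt", "key": "/Common/old.key",
  "certKeyChain": [{"name": "new", "cert": "/Common/new.crt", "key": "/Common/new.key"}]},
 {"fullPath": "/Common/child-ok", "defaultsFrom": "/Common/parent.example.com",
  "cert": "/Common/new.crt", "key": "/Common/new.key",
  "certKeyChain": [{"name": "new", "cert": "/Common/new.crt", "key": "/Common/new.key"}]},
 {"fullPath": "/Common/child-override", "defaultsFrom": "/Common/parent.example.com",
  "cert": "/Common/own.crt", "key": "/Common/own.key",
  "certKeyChain": [{"name": "own", "cert": "/Common/own.crt", "key": "/Common/own.key"}]}
]
""")


def find_stale_children(profiles, parent):
    """Return direct children of `parent` whose top-level cert/key pair
    is not present in their own certKeyChain (the state this bug leaves)."""
    findings = []
    for prof in profiles:
        if prof.get("defaultsFrom") != parent:
            continue  # only direct children of the updated parent
        pairs = {(e.get("cert"), e.get("key")) for e in prof.get("certKeyChain") or []}
        top = (prof.get("cert"), prof.get("key"))
        # No certKeyChain returned: nothing to compare against, so skip.
        if pairs and top not in pairs:
            findings.append({"profile": prof["fullPath"],
                             "stale_cert": top[0], "stale_key": top[1],
                             "chain_pairs": sorted(pairs, key=str)})
    return findings


if __name__ == "__main__":
    for f in find_stale_children(SAMPLE, "/Common/parent.example.com"):
        print(f"{f['profile']}: cert/key {f['stale_cert']} {f['stale_key']} "
              f"not in certKeyChain {f['chain_pairs']}")
```

A child that deliberately overrides the parent with its own matching certKeyChain is not reported; only profiles whose top-level pair disagrees with their own chain are.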

Fix Information

None

Behavior Change
