Bug ID 1612201: Malformed certificates found in local /config/httpd/conf/ssl.crt/server.crt

Last Modified: Dec 18, 2024

Affected Product(s):
BIG-IP DNS(all modules)

Known Affected Versions:
15.1.10.4, 15.1.10.5, 15.1.10.6, 16.1.5, 16.1.5.1, 17.1.1.3, 17.1.1.4, 17.1.2

Opened: Jul 10, 2024

Severity: 3-Major

Symptoms

The gtm_add command fails with: "ERROR: found "END CERT..." without BEGIN at line: 0. ERROR: Malformed certificates found in local /config/httpd/conf/ssl.crt/server.crt."

Impact

The gtm_add command fails with a malformed certificate error.

Conditions

A device certificate in PEM format contains a newline as CRLF: -- Create device certificate where "-----BEGIN CERTIFICATE-----" is terminated with CRLF ('\r\n' 0x0D 0x0A) instead of LF ('\n' 0x0A) -- Perform the gtm_add.

Workaround

To mitigate use openssl x509 to convert CRLF to LF: # cp /config/httpd/conf/ssl.crt/server.crt /config/httpd/conf/ssl.crt/server.crt-back # openssl x509 -in /config/httpd/conf/ssl.crt/server.crt-back > /config/httpd/conf/ssl.crt/server.crt

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips