Last Modified: Dec 18, 2024
Affected Product(s):
BIG-IP DNS
Known Affected Versions:
15.1.10.4, 15.1.10.5, 15.1.10.6, 16.1.5, 16.1.5.1, 17.1.1.3, 17.1.1.4, 17.1.2
Opened: Jul 10, 2024 Severity: 3-Major
The gtm_add command fails with: "ERROR: found "END CERT..." without BEGIN at line: 0. ERROR: Malformed certificates found in local /config/httpd/conf/ssl.crt/server.crt."
The gtm_add command fails with a malformed certificate error.
A device certificate in PEM format contains a newline as CRLF: -- Create device certificate where "-----BEGIN CERTIFICATE-----" is terminated with CRLF ('\r\n' 0x0D 0x0A) instead of LF ('\n' 0x0A) -- Perform the gtm_add.
To mitigate use openssl x509 to convert CRLF to LF: # cp /config/httpd/conf/ssl.crt/server.crt /config/httpd/conf/ssl.crt/server.crt-back # openssl x509 -in /config/httpd/conf/ssl.crt/server.crt-back > /config/httpd/conf/ssl.crt/server.crt
None