Bug ID 484683

Bug Tracker
ID 484683

Bug ID 484683: Certificate_summary is not created at peer when the chain certificate is synced to high availability (HA) peer.

Last Modified: Mar 01, 2024

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
11.2.1, 11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6

Fixed In:
15.0.0, 14.1.2.7, 13.1.3.2

Opened: Oct 15, 2014

Severity: 4-Minor

Symptoms

-- After a configuration synchronization (ConfigSync) operation, the peer of a high-availability (HA) pair cannot show the summary of cert-chain using the command: tmsh run sys crypto check-cert verbose enabled -- After a ConfigSync operation, Certificate Subjects may be missing or empty when viewed in the Configuration Utility/GUI under System :: Certificate Management : Traffic Certificate Management : SSL Certificate List :: <certificate>.

Impact

After a ConfigSync operation, the certificate chain summary is not created on other high availability (HA) peers. However, the entire file is physically present on both devices and should not impact traffic.

Conditions

Conditions leading to this issue include: 1. On the command line or in the GUI, set up an high availability (HA) configuration. 2. Import Certificate chain to one BIG-IP system. 3. Perform a ConfigSync operation to sync the certificate chain to the high availability (HA) peer.

Workaround

1. Copy the cert-chain file to a location on the system (e.g., /shared/tmp/). 2. Update the cert-chain using a command similar to the following: modify sys file ssl-cert Cert-Chain_Browser_Serv.crt source-path file:/shared/tmp/Cert-Chain_Browser_Serv.crt_5361_1. Note: The step above causes the units to be out of sync, so an additional config-sync operation is required to bring the units 'In Sync' again.

Fix Information

None

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips