Last Modified: Oct 16, 2023
Affected Product(s):
BIG-IP Install/Upgrade
Known Affected Versions:
11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2 HF1, 11.5.3 HF1, 11.5.3 HF2, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.2.1, 11.4.1, 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.1.0 HF1, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2
Fixed In:
12.0.0, 11.6.1 HF1, 11.5.4
Opened: Dec 09, 2014 Severity: 3-Major Related Article:
K17338
Configuration fails with Syntax Error after upgrading to 11.5.0 from pre-11.5.0 releases.
Configuration load fails, and the system posts the alert: Syntax Error:(/config/bigip.conf at line: 12) one or more configuration identifiers must be provided.
When upgrading from a pre-11.5.0 release to version 11.5.0, the key/cert have an extra period in the name (for example mykey..key and mycert..crt). Beginning with version 11.5.0, multiple key/cert pairs are associated with one clientssl, so each key/cert pair has a name. During upgrade, the system provides a name for each key/cert, which can cause problems if the existing key/cert name contains a period character.
Manually edit the bigip.conf to add a title for the cert-key-chain, and then run the command: tmsh load sys config.
Before v11.5.0, Clientssl profile only supports one key/cert pair, no name associated with the key/cert pair. In v11.5.0, multiple key/cert pairs are associated with one clientssl, so each key/cert pair has a name.