Bug ID 495588: Configuration fails with Syntax Error after upgrading from pre-11.5.0 releases

Last Modified: Apr 28, 2025

Affected Product(s):
BIG-IP Install/Upgrade(all modules)

Known Affected Versions:
11.2.1, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1

Fixed In:
12.0.0, 11.6.1 HF1, 11.5.4

Opened: Dec 09, 2014

Severity: 3-Major

Related Article: K17338

Symptoms

Configuration fails with Syntax Error after upgrading to 11.5.0 from pre-11.5.0 releases.

Impact

Configuration load fails, and the system posts the alert: Syntax Error:(/config/bigip.conf at line: 12) one or more configuration identifiers must be provided.

Conditions

When upgrading from a pre-11.5.0 release to version 11.5.0, the key/cert have an extra period in the name (for example mykey..key and mycert..crt). Beginning with version 11.5.0, multiple key/cert pairs are associated with one clientssl, so each key/cert pair has a name. During upgrade, the system provides a name for each key/cert, which can cause problems if the existing key/cert name contains a period character.

Workaround

Manually edit the bigip.conf to add a title for the cert-key-chain, and then run the command: tmsh load sys config.

Fix Information

Before v11.5.0, Clientssl profile only supports one key/cert pair, no name associated with the key/cert pair. In v11.5.0, multiple key/cert pairs are associated with one clientssl, so each key/cert pair has a name.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips