Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP All, Install/Upgrade
Known Affected Versions:
11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10
Opened: Jan 05, 2015 Severity: 3-Major Related Article:
K90250656
Using iControl, a system admin is able to remove all the keys/certificates associated with a clientSSL profile. If this remains in the configuration and the system is upgraded to a version that validates that there are no empty keys or chains, the config will fail to load and will post this error signature in /var/log/ltm: emerg load_config_files: "/usr/bin/tmsh -n -g load sys config partitions all" - failed. -- 01070315:3: profile <Client SSL profile> requires a key Unexpected Error: Loading configuration process failed.
The configuration fails to load.
Using iControl to remove keys and certificates from a clientSSL profile. Note: This issue may not be seen initially if the clientSSL profile is not in use. Upgrading to a version that performs validation against empty keys and chains, such as an upgrade from 11.5.1 to 11.6.0, will reveal the issue.
SSL profiles with no keys or certificates are invalid profiles. Make sure you fully delete all profiles if this is your intention. Also be careful not to leave the profile and delete only the key and certificate using iControl.
None