Bug ID 508076: Cannot successfully create a key/cert via tmsh or the GUI of the form name.key1, where extension is in the name.

Last Modified: Oct 06, 2020

Bug Tracker

Affected Product:  See more info
BIG-IP All(all modules)

Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1

Fixed In:
12.0.0, 11.6.1 HF1, 11.5.4 HF2

Opened: Feb 19, 2015
Severity: 3-Major


Unable to create SSL Certificate or Key if the name extension starts with a special extension.


Key creation or Certificate creation will fail. The following example command will fail with error. tmsh create sys crypto key test.key1 tmsh create sys crypto cert test.key1 key test.key1.key common-name test Error: Key management library returned bad status: 02, Not Found


When creating a certificate or key, if the certificate/key name has an extension starts with one of (".key", ".crt", ".csr", ".crl", ".der", ".exp", ".pem"), then the creation will fail. For example, it is an error to create a key named "test.key1". In this case, the key extension ".key1" starts with ".key".


do not create a key or certificate with name extension starts with one of (.key .crt .csr .crl .der .exp .pem).

Fix Information

With this fix, certificate/key extension can start with one of these special extensions.

Behavior Change