Last Modified: Jul 13, 2024
Affected Product(s):
BIG-IP All
Known Affected Versions:
11.5.4, 11.5.4 HF1, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1
Fixed In:
12.0.0, 11.6.1 HF1, 11.5.4 HF2
Opened: Feb 19, 2015 Severity: 3-Major
Unable to create SSL Certificate or Key if the name extension starts with a special extension.
Key creation or Certificate creation will fail. The following example command will fail with error. tmsh create sys crypto key test.key1 tmsh create sys crypto cert test.key1 key test.key1.key common-name test Error: Key management library returned bad status: 02, Not Found
When creating a certificate or key, if the certificate/key name has an extension starts with one of (".key", ".crt", ".csr", ".crl", ".der", ".exp", ".pem"), then the creation will fail. For example, it is an error to create a key named "test.key1". In this case, the key extension ".key1" starts with ".key".
do not create a key or certificate with name extension starts with one of (.key .crt .csr .crl .der .exp .pem).
With this fix, certificate/key extension can start with one of these special extensions.