Bug ID 508076: Cannot successfully create a key/cert via tmsh or the GUI of the form name.key1, where extension is in the name.

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP All(all modules)

Known Affected Versions:
11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2 HF1, 11.5.3 HF1, 11.5.3 HF2, 11.5.4 HF1, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.1.0 HF1, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:
12.0.0, 11.6.1 HF1, 11.5.4 HF2

Opened: Feb 19, 2015

Severity: 3-Major

Symptoms

Unable to create SSL Certificate or Key if the name extension starts with a special extension.

Impact

Key creation or Certificate creation will fail. The following example command will fail with error. tmsh create sys crypto key test.key1 tmsh create sys crypto cert test.key1 key test.key1.key common-name test Error: Key management library returned bad status: 02, Not Found

Conditions

When creating a certificate or key, if the certificate/key name has an extension starts with one of (".key", ".crt", ".csr", ".crl", ".der", ".exp", ".pem"), then the creation will fail. For example, it is an error to create a key named "test.key1". In this case, the key extension ".key1" starts with ".key".

Workaround

do not create a key or certificate with name extension starts with one of (.key .crt .csr .crl .der .exp .pem).

Fix Information

With this fix, certificate/key extension can start with one of these special extensions.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips