Last Modified: Oct 17, 2023
Affected Product(s):
BIG-IP All
Known Affected Versions:
11.2.1, 11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2
Opened: Apr 17, 2015 Severity: 3-Major Related Article:
K57830372
Running the startup script command 'tmsh install sys crypto...' to update the CRL file errors out with 'file... expected to exist' exception.
The CRL file is retrieved, but due to the error it is not installed. This is because mcpd lacks read permission to the specified temp file. The system posts an error in /var/log/ltm similar to the following: err mcpd[6253]: 01070712:3: Caught configuration exception (0), file(/var/tmp/tmsh/7QjLFt/data) expected to exist. - sys/validation/FileObject.cpp, line 3151.
Follow the steps in the AskF5 SOL11948: Configuring the BIG-IP system to run commands or scripts upon system startup, (available here: https://support.f5.com/kb/en-us/solutions/public/11000/900/sol11948.html) to run startup_script_sol11948.sh at startup. Adapt this script to run the command: tmsh modify /sys file ssl-crl LatestCRL.crl source-path http://custom_url/NewLatestCRL.crl.
Update the CRL file from the local file using the following command: tmsh -m install sys crypto crl LatestCRL.crl from-local-file /root/LatestCRL.crl.
None