Bug ID 520702: Add an option ignore-large-cert-bundles for "tmsh run sys crypto check-cert" to indicate whether to skip large size CA bundles.

Last Modified: Nov 22, 2021

Affected Product(s):
BIG-IP All(all modules)

Fixed In:

Opened: Apr 30, 2015

Severity: 4-Minor


The tmsh command "tmsh run sys crypto check-cert" checks the validity of all the certificates and certificate bundles. However it will report the expiration of certificates in the bundle that may be unused. A new option is being added called "ignore-large-cert-bundles" for the command to indicate whether to ignore large certificate bundles (containing more than 20 certificates) during the check.







Fix Information

With this change, "tmsh run sys crypto check-cert ignore-large-cert-bundles enabled" will ignore those certificate bundles with large size (containing more than 20 certificates). "tmsh run sys crypto check-cert ignore-large-cert-bundles disabled" will not ignore anything, i.e., it checks all the certificates and bundles. The default value for ignore-large-cert-bundles is set to disabled. Therefore, the existing command "tmsh run sys crypto check-cert" won't change its existing behavior, i.e., it will still check the complete certificates and bundles.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips