Last Modified: Nov 22, 2021
Affected Product(s):
BIG-IP All
Fixed In:
12.1.0
Opened: Apr 30, 2015 Severity: 4-Minor
The tmsh command "tmsh run sys crypto check-cert" checks the validity of all the certificates and certificate bundles. However it will report the expiration of certificates in the bundle that may be unused. A new option is being added called "ignore-large-cert-bundles" for the command to indicate whether to ignore large certificate bundles (containing more than 20 certificates) during the check.
N/A
N/A
None
With this change, "tmsh run sys crypto check-cert ignore-large-cert-bundles enabled" will ignore those certificate bundles with large size (containing more than 20 certificates). "tmsh run sys crypto check-cert ignore-large-cert-bundles disabled" will not ignore anything, i.e., it checks all the certificates and bundles. The default value for ignore-large-cert-bundles is set to disabled. Therefore, the existing command "tmsh run sys crypto check-cert" won't change its existing behavior, i.e., it will still check the complete certificates and bundles.