Bug ID 526223: Renewing default.crt through openssl command shows previous expiry date while listing in TMUI

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP TMOS(all modules)

Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4

Fixed In:
12.1.0

Opened: Jun 03, 2015
Severity: 4-Minor
Related AskF5 Article:
K46527534

Symptoms

TMUI 'System :: File management :: SSL Certificate List default certificate shows previous expiration date until MCP config is force loaded.

Impact

GUI will still shows the old expiration date. This is a GUI SSL Certificate list page issue; the certificate details page shows the correct expiration date, and the device works as expected with the newly generated certificate.

Conditions

The default.crt is renewed using the command line (because there is no way to renew the default certificate is not using the GUI).

Workaround

To reflect the new certificate expiration date, have MCP force load config as described in K13030: Forcing the mcpd process to reload the BIG-IP configuration (https://support.f5.com/csp/article/K13030).

Fix Information

TMUI now shows latest expiration date even if default.crt renewed using the command line.

Behavior Change