Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP TMOS
Known Affected Versions:
12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2
Fixed In:
12.1.0, 12.0.0 HF3
Opened: Feb 01, 2016 Severity: 3-Major
When accessing the SSL Certificate List via the configuration utility (System/File Management/SSL Certificate List), the configuration utility may report the error "General database error retrieving information.". In addition, the ltm log will contain dlopen errors similar to: /var/log/ltm.1:Feb 1 05:41:47 bigip1 err iControlPortal.cgi[2572]: dlopen returned /usr/lib/fips/pkcs11_nethsm.so: cannot open shared object file: Too many open files for module /usr/lib/fips/pkcs11_nethsm.so /var/log/ltm.1:Feb 1 05:41:47 bigip1 err iControlPortal.cgi[2572]: dlopen returned /usr/lib/fips/cavium_luna.so: cannot open shared object file: Too many open files for module /usr/lib/fips/cavium_luna.so /var/log/ltm.1:Feb 1 05:41:47 bigip1 err iControlPortal.cgi[2572]: dlopen returned /usr/lib/fips/cavium_ngfips.so: cannot open shared object file: Too many open files for module /usr/lib/fips/cavium_ngfips.so
The SSL Certificate List becomes unusable.
The system contains files under tmsh list sys file ssl-csr. In the configuration utility, these will show in the SSL Certificate List with "Certificate Signing Request" as part of the entry in the "Contents" column. Each time that the SSL Certificate List page is loaded, files are held open and will eventually cause the issue.
To temporarily restore the functionality of the configuration utility, you can kill the iControlPortal.cgi process from an advanced shell, or restart httpd from tmsh. From bash: pkill iControlPortal From tmsh: restart /sys service httpd
The configuration utility's SSL Certificate List no longer reports the "General database error retrieving information." error after visiting the page several times.