Bug ID 614808: Running qkview with option -c (--complete) fails if there is an encrypted key

Last Modified: Jan 29, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP TMOS(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4

Fixed In:
13.0.0

Opened: Sep 07, 2016
Severity: 3-Major

Symptoms

When you run qkview -c, you are prompted for a password: Enter pass phrase for ./Common_d/certificate_key_d/:Common:f5_api_com.key_64768_1:

Impact

qkview -c cannot be run because /bin/printcertmods requires a valid passphrase to finish.

Conditions

An OpenSSL key exists that is encrypted with a passphrase.

Workaround

Unless you can enter passphrases from the command line, assuming there are a small number of such keys and the passphrase is available, there is no workaround.

Fix Information

The fix simply avoids the issue and skips computing the modulus for any encrypted key.

Behavior Change