Last Modified: Jul 13, 2024
Affected Product(s):
BIG-IP PEM
Known Affected Versions:
11.5.4, 11.5.4 HF1, 11.5.4 HF2, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2
Fixed In:
13.0.0, 12.1.2, 11.6.1 HF2, 11.5.4 HF3
Opened: Sep 07, 2016 Severity: 2-Critical Related Article:
K70340015
Overwrite flag in iControl functions key/certificate_import_from_pem functions is ignored and might result in errors. Specifically, the functions are: key_import_from_pem() certificate_import_from_pem() key_import_from_pem_v2() certificate_import_from_pem_v2()
Cannot overwrite the key/certificate file-objects using these iControl calls.
When there is an existing key or certificate on the BIG-IP system, and you want to overwrite them using key_import_from_pem(), certificate_import_from_pem(), key_import_from_pem_v2(), or certificate_import_from_pem_v2() iControl calls, it results in errors stating that the key or certificate already exists on the BIG-IP system.
There are two workarounds: - Delete and import the key/certificate using key_import_from_pem(), certificate_import_from_pem(), key_import_from_pem_v2(), or certificate_import_from_pem_v2() iControl calls. - Use key_import_from_file and certificate_import_from_file iControl calls as an alternative to import key/certificate from a file.
Overwrite flag in iControl functions key/certificate_import_from_pem_v2() functions are now processed correctly and no longer produce errors.