Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP PEM
Known Affected Versions:
11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2 HF1, 11.5.3 HF1, 11.5.3 HF2, 11.5.4 HF1, 11.5.4 HF2, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2, 12.1.0, 12.1.1
Fixed In:
13.0.0, 12.1.2, 11.6.1 HF2, 11.5.4 HF3
Opened: Sep 07, 2016 Severity: 2-Critical Related Article:
K70340015
Overwrite flag in iControl functions key/certificate_import_from_pem functions is ignored and might result in errors. Specifically, the functions are: key_import_from_pem() certificate_import_from_pem() key_import_from_pem_v2() certificate_import_from_pem_v2()
Cannot overwrite the key/certificate file-objects using these iControl calls.
When there is an existing key or certificate on the BIG-IP system, and you want to overwrite them using key_import_from_pem(), certificate_import_from_pem(), key_import_from_pem_v2(), or certificate_import_from_pem_v2() iControl calls, it results in errors stating that the key or certificate already exists on the BIG-IP system.
There are two workarounds: - Delete and import the key/certificate using key_import_from_pem(), certificate_import_from_pem(), key_import_from_pem_v2(), or certificate_import_from_pem_v2() iControl calls. - Use key_import_from_file and certificate_import_from_file iControl calls as an alternative to import key/certificate from a file.
Overwrite flag in iControl functions key/certificate_import_from_pem_v2() functions are now processed correctly and no longer produce errors.