Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
11.2.1, 11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6
Opened: Jul 20, 2017 Severity: 3-Major Related Article:
K23241495
When a certificate stored in DER format is exported, all bytes with values larger than 0x7E are replaced with 0x3F, and there is one more byte added (0x0a) at the end of the binary file.
Corrupted certificate.
Using the GUI to export a certificate stored in DER format.
You will need to use openssl to create a copy of the certificate in .pem or .der format. For example, to export the der certificate myder.crt to a mycert.pem certificate in .pem format, run the following command: openssl x509 -out mycert.pem -in /config/filestore/files_d/Common_d/certificate_d/\:Common\:myder.crt_75978_1 -inform der Note: This works for system users who can access the bash command, specifically, those with the administrator role.
None