Last Modified: Nov 07, 2022
Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 13.1.1, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 13.1.3, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 13.1.4, 18.104.22.168, 13.1.5, 22.214.171.124
Opened: Nov 22, 2017 Severity: 3-Major
As part of phonehome, the licensing process uses an encrypted key which keeps it's passphrase securely in tmsh.
The bigip.conf will not load without having to edit out the key and certificate entries. Also, phonehome will not work since there is no passphrase for the encrypted key.
If the tmsh entry is deleted, then the key can no longer be used and issuing a new registration key will fail to create a new key and the bigip.conf will no longer load.
Edit out the section for f5_api_com.key in /config/bigip.conf and run tmsh load sys config. Then remove the key: rm -f /config/ssl/ssl.key/f5_api_com.key and reinstall the license registration key.
The fix will test if the tmsh has a reference to the f5_ap_com.key and delete the actual key during the license process which will then generate a new key and passphrase, thus updating tmsh.