Bug ID 703298: Licensing and phonehome_upload are not using the sync'd key/certificate

Last Modified: Mar 21, 2019

Affected Product:
BIG-IP TMOS (all modules)

Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3

Fixed In:
14.0.0, 13.1.0.6

Opened: Jan 23, 2018
Severity: 3-Major

Symptoms

After config-sync, the secondary unit's key passphrase does not decrypt the cached key file.

Impact

phonehome_upload will fail on the secondary unit because the passphrase doesn't match the key file.

Conditions

The original file for f5_api_com.key is used instead of the cached file.

Workaround

After sync, copy the file /config/filestore/files_d/Common_d/certificate_key_d/:Common:f5_api_com.key_xxxx over to /config/ssl/ssl.key/f5_api_com.key using the following commands:

# cd /config/filestore/files_d/Common_d/certificate_key_d
# cp -a :Common:f5_api_com.key_xxxx /config/ssl/ssl.key/f5_api_com.key

Once the /config/ssl/ssl.key file is in sync, loading the config with either the cached or the un-cached file will work fine.
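
A check for the mismatch the workaround corrects, as an added example (not F5 code): it compares the cached key with /config/ssl/ssl.key/f5_api_com.key byte for byte. The function names, the choice of the most recently modified cached file, and the availability of cmp on the unit are assumptions.

```shell
#!/bin/sh
# Added example, not F5 code. Default paths are the ones named in the workaround.
CACHE_DIR="${CACHE_DIR:-/config/filestore/files_d/Common_d/certificate_key_d}"
SOURCE_KEY="${SOURCE_KEY:-/config/ssl/ssl.key/f5_api_com.key}"

# Print the cached copy of f5_api_com.key with the newest modification time.
# Assumption: when several :Common:f5_api_com.key_* files exist, the newest
# one is the copy delivered by the last config-sync.
newest_cached_key() {
    ls -t "$1"/:Common:f5_api_com.key_* 2>/dev/null | head -n 1
}

# Compare the source-path key with the cached key.
# Returns 0 = identical, 1 = different (the condition in this bug),
#         2 = nothing to compare (a file is missing).
check_key_sync() {
    cache_dir="${1:-$CACHE_DIR}"
    source_key="${2:-$SOURCE_KEY}"

    cached=$(newest_cached_key "$cache_dir")
    if [ -z "$cached" ]; then
        echo "no cached f5_api_com.key found under $cache_dir" >&2
        return 2
    fi
    # On fixed versions the source-path file is removed, so this is expected there.
    if [ ! -f "$source_key" ]; then
        echo "source-path key $source_key is absent" >&2
        return 2
    fi

    if cmp -s "$cached" "$source_key"; then
        echo "in sync: $source_key matches $cached"
        return 0
    fi
    echo "OUT OF SYNC: $source_key differs from $cached"
    return 1
}
```

Source the file on the secondary unit after a config-sync and call check_key_sync; a return value of 1 means the workaround copy is still needed.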

Fix Information

The system now removes the source-path files and keeps only the cache-path files. phonehome_upload now works on the standby unit after a config-sync. Because the source-path files, which do not get sync'd, are no longer present, there is no danger of re-loading them.

Behavior Change