Bug ID 710017: iControl SOAP/GUI cannot generate SSL certificate or CSR for password-protected SSL key

Last Modified: Jan 29, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP TMOS(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4

Fixed In:
14.1.0

Opened: Mar 13, 2018
Severity: 3-Major
Related AskF5 Article:
K10211160

Symptoms

Cannot use iControl SOAP commands or the GUI to generate SSL certificate or CSR for a SSL key that is protected by password.

Impact

Unable to generate a certificate or CSR for a key using iControl SOAP or the GUI.

Conditions

The SSL key is password-protected. That is, the key file has the below pattern as prefix. [root@big3:Active:Standalone] shared # head -2 test12345.key -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED

Workaround

You can use the following workarounds: Workaround A: Use tmsh to create the certificate or CSR. To do so, follow this procedure: 1. Run a command similar to the following: tmsh create sys crypto cert test12345 key test12345 common-name cn 2. Enter the PEM pass phrase: <<input the key's password>> 3. Run a command similar to the following: tmsh create sys crypto csr test12345 key test12345 common-name cn 4. Enter the PEM pass phrase: <<input the key's password>> Workaround B: Generate the certificate and CSR file using OpenSSL commands and then import them onto the BIG-IP system. 1. Run a command similar to the following: openssl req -x509 -sha256 -days 365 -key test12345.key -in test12345.csr -out test12345.crt 2. Enter the pass phrase for test12345.key: 12345 3. Run a command similar to the following: tmsh install sys crypto cert test12345 from-local-file /shared/test12345.crt 4. Run a command similar to the following: tmsh install sys crypto csr test12345 from-local-file /shared/test12345.csr

Fix Information

Can now use iControl SOAP commands or the GUI to generate SSL certificate or CSR for a SSL key that is protected by password.

Behavior Change