Bug ID 858173: SSL Orchestrator RPM not installed on HA-peer after upgrade from

Last Modified: Jun 19, 2020

Bug Tracker

Affected Product:  See more info
BIG-IP SSLO(all modules)

Known Affected Versions:
14.1.0,,,,,,, 14.1.2,,,,,,

Opened: Dec 06, 2019
Severity: 1-Blocking


With BIG-IP devices configured in high availability (HA) mode, with SSL Orchestrator configured, when upgrading from v14.1.2 to v15.1.x or newer, the SSL Orchestrator configuration is not synced properly across the HA configuration. This problem is caused by a REST framework sync issue between the devices in the high availability (HA) pair.


SSLO configuration not syncing across the BIG-IP HA pair.


-- BIG-IP devices configured in HA mode. -- SSL Orchestrator configured. -- Upgrading from v14.1.2 to v15.1.x or newer.


The following steps are required on both HA peers, first on the active and then on the standby BIG-IP device. 1. Open a terminal session with admin/root level access. 2. Run the following commands, in the order specified: bigstart stop restjavad rm -rf /shared/em/ssl.crt/* bigstart start restjavad restcurl -X DELETE shared/resolver/device-groups/tm-shared-all-big-ips/devices restcurl -X DELETE shared/gossip-conflicts restcurl -X DELETE shared/device-certificates restcurl -X POST -d '{"generateKeyPair": true}' shared/device-key-pair bigstart restart restjavad restnoded

Fix Information


Behavior Change