Error Reading Key Pem File /config/ssl/ssl.key/default.key
Applies To:
BIG-IP LTM 11.5.1, 11.5.0, 11.4.1, 11.4.0, 11.3.0, 11.2.1, 11.2.0, 11.1.0, 11.0.0
BIG-IP AAM 11.5.1, 11.5.0, 11.4.1, 11.4.0
BIG-IP AFM 11.5.1, 11.5.0, 11.4.1, 11.4.0, 11.3.0
BIG-IP APM 11.5.1, 11.5.0, 11.4.1, 11.4.0, 11.3.0, 11.2.1, 11.2.0, 11.1.0, 11.0.0
BIG-IP ASM 11.5.1, 11.5.0, 11.4.1, 11.4.0, 11.3.0, 11.2.1, 11.2.0, 11.1.0, 11.0.0
BIG-IP GTM 11.5.1, 11.5.0, 11.4.1, 11.4.0, 11.3.0, 11.2.1, 11.2.0, 11.1.0, 11.0.0
BIG-IP Link Controller 11.5.1, 11.5.0, 11.4.1, 11.4.0, 11.3.0, 11.2.1, 11.2.0, 11.1.0, 11.0.0
BIG-IP PEM 11.5.1, 11.5.0, 11.4.1, 11.4.0, 11.3.0
BIG-IP PSM 11.4.1, 11.4.0, 11.3.0, 11.2.1, 11.2.0, 11.1.0, 11.0.0
BIG-IP WebAccelerator 11.3.0, 11.2.1, 11.2.0, 11.1.0, 11.0.0
BIG-IP WOM 11.3.0, 11.2.1, 11.2.0, 11.1.0, 11.0.0
BIG-IP Edge Gateway 11.3.0, 11.2.1, 11.2.0, 11.1.0, 11.0.0

sol13831: Missing or corrupt default SSL certificate and key pair may generate errors (11.x)
Informational
Original Publication Date: 08/30/2012
Updated Date: 05/27/2016

Topic
This article applies to BIG-IP 11.x. For information about other versions, refer to the following article: SOL
http://support.f5.com/kb/en-us/solutions/public/13000/800/sol13831.html

Can't use encrypted key with passphrase on SSL Forward Proxy
https://devcentral.f5.com/questions/cant-use-encrypted-key-with-passhrase-on-ssl-forward-proxy
Updated 24-Feb-2014 • Originally posted on 24-Feb-2014 by Chris Everest
Tags: application delivery ltm management security tmos

When creating a clientssl profile, I'm attempting to use an encrypted CA key with the SSL Forward proxy setting enabled. I'm using self created CA cert/key pair with the key being encrypted. I've tried both the CLI and web-based gui and get the same error. This seems to work just fine with an unencrypted key, but when requiring a passphrase, I get this error no matter how I try to set the key/passphrase. In the example below, I've added the passphrase before the key, thinking that might work. Nothing works however.

    user@(f51)(cfg-sync Changes Pending)(Active)(/Common)(tmos.ltm.profile.client-ssl)# list clientssl-wildcardssl
    ltm profile client-ssl clientssl-wildcardssl {
        app-service none
        cert wildcard.domain.com.crt
        cert-extension-includes { basic-constraints key-usage subject-alternative-name }
        defaults-from clientssl
        key wildcard.domain.com.key
        proxy-ca-passphrase
Cannot Renew Certificate and private key ( but keep the same name in F5 config )
https://devcentral.f5.com/questions/cannot-renew-certifcate-and-private-key-but-keep-the-same-name-in-f5-config-
Updated 16-Apr-2014 • Originally posted on 16-Apr-2014 by elastic
Tags: asm devops iapps management security

Hi,

Am trying to renew the wildcard certificate for our main domain. The CSR is generated elsewhere ( ie not on the F5 ), and have the cert/key from a CA already. The current certificate/key is in use. Trying to update either the certificate or the key, results in the F5 complaining that the key does not match the certificate or vice versa.

So, several workarounds to do this would be to delete the certificate/key pair and recreate, or add the certificate/key under a new name. Either one involves enormous pain, as the certificate is used by hundreds of iApps ( coding involved ).

Does anyone have an alternate suggestion? Seems I cannot be the only person with this issue, but so far as I can find, it seems like a unique problem?

Help or suggestions appreciated

error message

    # v11.4
    01070313:3: Error reading key PEM file /config/filestore/files_d/Common_d/certificate_key_d/:Common:star.mydomain.com.key_12345_1 for profile /Common/myapp.app/myapp_as_client-ssl: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

Answers to this Question

USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Updated 16-Apr-2014 • Originally posted on 16-Apr-2014 by Cory

So another option could be that you create a new certificate and key pair, and then manually edit /config/bigip.conf and replace every instance of the previous certificate and key with the new certificate and key in each of your SSL profiles. Once done, perform a 'tmsh load sys config'. This might also be a bit tedious, but less so than doing it by clicking through the GUI.

USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Updated 17-Apr-2014 • Originally posted on 17-Apr-2014 by elastic

Hi,

Here is the process.

Background reading, http://support.f5.com/kb/en-us/solutions/public/14000/600/sol14620.html#14
Backup bigip.conf
import new cert/key into F5 via gui named - samenamecert170414 - ie same name but with date added on end
reconfig one iApp to use new cert/key
edit bigip.conf search/replace samenamecert.ke

http://serverfault.com/questions/316907/ssl-error-unable-to-read-server-certificate-from-file
SSL Error - unable to read server certificate from file

I've been setting up SSL for my domain today, and have struck another issue - I was hoping someone could shed some light on..

I keep receiving the following error messages:

    [error] Init: Unable to read server certificate from file /etc/apache2/domain.com.ssl/domain.com.crt/domain.com.crt
    [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
    [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error

I'm running Apache 2.2.16 and Ubuntu 10.10.

My .crt file has the Begin and End tags, and has been copied exactly from the confirmation email I received, very frustrating!

Cheers!

Edit >> When trying to verify the .crt it doesn't seem to work:

    >> openssl x509 -noout -text -in domain.com.crt
    unable to load certificate
    16851:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:650:Expecting: TRUSTED CERTIFICATE

Also

    >> openssl x509 -text -inform PEM -in domain.com.crt
    unable to load certificate
    21321:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:650:Expecting: TRUSTED CERTIFICATE

    >> openssl x509 -text -inform DER -in domain.com.crt
    unable to load certificate
    21325:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1316:
    21325:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:380:Type=X509

Edit >> (Cheers for the help by the way)

    >> grep '^-----' domain.com.crt
    -----BEGIN CERTIFICATE-----
    ---