CSS11503 - Won't delete ssl cert file

qubenetworks
Level 1

Hi All,

I have 2 CSS11503s in one-armed active/passive mode. I have applied SSL certs on both boxes; one of them gives me the message that key and file are not valid (works fine on primary). I've done a show ssl file and the cert in question is there. When I do a delete ssl file 'xx' it reports the file does not exist, so I try to re-import and this fails because 'file already exists'!! Reboot hasn't helped. I have deleted/reimported the RSA key. Has anyone else seen this? I am running version 08.10.1.06; should I upgrade to a better version?

2 Replies

Gilles Dufour
Cisco Employee

It won't be a bad idea to do an upgrade to 8.1(401), as there were many improvements in that area.

In the meantime, you can try to erase the crypto files with the command:

llama

ssl clearfiles

Gilles.

Thanks Gilles,

I opened a TAC case and finally got it resolved. I had to import a different file and copy that to the corrupt one (in llama):

ap_file copy c:/CertStore/ssl/good.pem c:/CertStore/ssl/bad.pem

Back out of llama and I could then delete the file using the 'clear ssl file xx.pem' command. The following command:

CSS11501(debug)# ap_file delete c:/CertStore/ssl/

didn't work, as it said you cannot delete Certfiles. I was trying to avoid the ssl clearfiles command (TAC's 3rd option), as there are quite a few on there and I didn't want to reconfigure the whole lot!

Finally have the app session reporting UP and no warnings about ssl configs not the same!

Toby