Symptoms
The BIG-IP system downloads an f5_api_com.crt certificate file when a production BIG-IP license is installed, but a subsequent "load sys config" reverts to the pre-certificate configuration and deletes (tidies up) the file.
Impact
The f5_api_com.crt certificate file is not present on the BIG-IP system.
Conditions
-- Activate a BIG-IP license in either the GUI or tmsh (this causes the F5 API certificate to be downloaded and installed into the config)
-- Run 'tmsh load sys config'
-- Observe that the f5_api_com.crt object is no longer present in the BIG-IP config.
Workaround
- Ensure that "tmsh save sys config" is run after installing a new BIG-IP license.
- If the certificate has been removed from the BIG-IP configuration, but is still present in the filesystem, you can import it with the expected name (f5_api_com.crt):
"tmsh create sys file ssl-cert f5_api_com.crt source-path file:///config/ssl/ssl.crt/f5_api_com.crt"
- If the certificate has been lost, you can re-activate the license to cause a new API certificate to be pulled down from the F5 license server.
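
The workaround steps above can be combined into one check that picks the right recovery path. This is an added example, not F5's own code: the function names and the TMSH and CERT_PATH variables are hypothetical, and it assumes that "tmsh list sys file ssl-cert" exits non-zero when the object is missing from the config.

```shell
#!/bin/sh
# Added example (not from F5): choose the workaround for a missing f5_api_com.crt.
# Assumption: 'tmsh list sys file ssl-cert <name>' exits non-zero if the object is absent.

CERT_NAME="f5_api_com.crt"
CERT_PATH="/config/ssl/ssl.crt/f5_api_com.crt"   # path taken from the workaround text
TMSH="tmsh"                                      # hypothetical override point for testing

# True when the certificate object exists in the BIG-IP configuration.
cert_in_config() {
    "$TMSH" list sys file ssl-cert "$CERT_NAME" >/dev/null 2>&1
}

# Prints one of: present, file-only, lost.
cert_state() {
    if cert_in_config; then
        echo "present"
    elif [ -s "$CERT_PATH" ]; then
        echo "file-only"
    else
        echo "lost"
    fi
}

# Applies the matching workaround. Returns 0 when the config holds the
# certificate afterwards, 2 when the license must be re-activated.
restore_cert() {
    case "$(cert_state)" in
        present)
            echo "$CERT_NAME is in the config; saving so a later load keeps it"
            "$TMSH" save sys config
            ;;
        file-only)
            echo "$CERT_NAME is on disk only; importing and saving"
            "$TMSH" create sys file ssl-cert "$CERT_NAME" \
                source-path "file://$CERT_PATH" &&
                "$TMSH" save sys config
            ;;
        lost)
            echo "$CERT_NAME is gone; re-activate the license, then save the config" >&2
            return 2
            ;;
    esac
}

# Run the recovery only when asked to, e.g.: sh restore_f5_api_cert.sh --apply
if [ "${1:-}" = "--apply" ]; then
    restore_cert
fi
```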