BugZero | F5 BugID 1070393 - The f5_api_com.crt certificate file may be removed...

OPERATIONAL DEFECT DATABASE

...

BugZero | F5 BugID 1070393 - The f5_api_com.crt certificate file may be removed...

F5 - Defect ID: 1070393

The f5_api_com.crt certificate file may be removed by the load sys config command

F5 - Defect ID: 1070393

The f5_api_com.crt certificate file may be removed by the load sys config command

Last updated on October 19th, 2025

BugZero Risk Score
6.7 Medium

Overall: 6.7

Severity: 7.3

Community: 4.2

Lifecycle: 6.4

What is the BugZero Risk Score?

F5 Integration

Learn more about where this data comes from

F5 Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Bug Details

Priority: 3-Major
Status: New
Impact Category: TMOS

Description

Symptoms

The BIG-IP downloads an f5_api_com.crt certificate file when a production BIG-IP license is installed, but a subsequent "load sys config" reverts to the pre-certificate config, and deletes (tidies up) the file.

Impact

F5_api_com.crt certificate file is not present on the BIG-IP system.

Conditions

-- Activate a BIG-IP license in either the GUI or tmsh (this causes the f5 API certificate to be downloaded and installed into the config) -- Run 'tmsh load sys config' -- Observe that the f5_api_com.crt object is no longer present in the BIG-IP config.

Workaround

- Ensure that "tmsh save sys config" is run after installing a new BIG-IP license. - If the certificate has been removed from the BIG-IP configuration, but is still present in the filesystem, you can import it with the expected name (f5_api_com.crt): "tmsh create sys file ssl-cert f5_api_com.crt source-path file:///config/ssl/ssl.crt/f5_api_com.crt" - If the certificate has been lost, you can re-activate the license, to cause a new API certificate to be pulled down from the F5 license server.

Fix Information

None

Change history

2025-10-19 Added: 15.1.10.7, 15.1.10.8, 16.1.6.1, 17.1.3

2025-10-15 Added: 17.1.3

2025-06-28 Added: 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2, 15.1.9, 15.1.9.1, 15.1.10, 15.1.10.2, 15.1.10.3, 15.1.10.4, 15.1.10.5, 15.1.10.6, 16.0.0, 16.0.0.1, 16.0.1, 16.0.1.1, 16.0.1.2, 16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3, 16.1.3.4, 16.1.3.5, 16.1.4, 16.1.4.1, 16.1.4.2, 16.1.4.3, 16.1.5, 16.1.5.1, 16.1.5.2, 16.1.6, 17.0.0, 17.0.0.1, 17.0.0.2, 17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3, 17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3, 17.1.1.4, 17.1.2, 17.1.2.1, 17.1.2.2

Links

Original Vendor Announcement

Relevant Products

Click on a version to see all relevant bugs

Affected versions:15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2, 15.1.9, 15.1.9.1, 15.1.10, 15.1.10.2, 15.1.10.3, 15.1.10.4, 15.1.10.5, 15.1.10.6, 15.1.10.7, 15.1.10.8, 16.0.0, 16.0.0.1, 16.0.1, 16.0.1.1, 16.0.1.2, 16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3, 16.1.3.4, 16.1.3.5, 16.1.4, 16.1.4.1, 16.1.4.2, 16.1.4.3, 16.1.5, 16.1.5.1, 16.1.5.2, 16.1.6, 16.1.6.1, 17.0.0, 17.0.0.1, 17.0.0.2, 17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3, 17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3, 17.1.1.4, 17.1.2, 17.1.2.1, 17.1.2.2, 17.1.3

Fixed versions: No known fixed versions

Relevant Products

Click on a version to see all relevant bugs

Fixed versions: No known fixed versions

Top F5 Defects

9.6Defect ID: 1496269
VCMP guest on version 16.1.4 or above might experience constant TMM crashes.
9.4Defect ID: 1785385
Intermittent traffic failures when tenant is running BIG-IP v17.1.2 or above and host is on version prior to F5OS-A 1.8.0 or F5OS-C 1.8.0
9.4Defect ID: 1407909
For E810 100G SR-IOV NICs, traffic disruption is seen with ICE driver v1.11.14 and NVM 4.20 combination.
9.4Defect ID: 970269
Install fails as lind keeps failing due to "Fatal error: block id new probe failed - device file:/dev/cdrom"
9.4Defect ID: 885949
Untagged packet traffic does not work on i15800 platforms with virtual wire

F5 Integration

Learn more about where this data comes from

F5 Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Ready to prevent the next vendor outage?

Get a demo

OPERATIONAL DEFECT DATABASE

F5 - Defect ID: 1070393

The f5_api_com.crt certificate file may be removed by the load sys config command

F5 - Defect ID: 1070393

The f5_api_com.crt certificate file may be removed by the load sys config command

Last updated on October 19th, 2025

BugZero Risk Score6.7 Medium

Bug Details

Symptoms

Impact

Conditions

Workaround

Fix Information

Links

Top F5 Defects

Ready to prevent the next vendor outage?

BugZero Risk Score
6.7 Medium