UCS and Secure Socket Layer (SSL) certificate/key pairs

Question

Hi Guys,&nbsp;
There are many documents that reference the next:&nbsp;
"_UCS archive, by default, contains all of the files that are required to restore your current configuration to a new system, including configuration files, the product license, local user accounts, and Secure Socket Layer (SSL) certificate/key pairs._"&nbsp;
Such as "sol13132: Backing up and restoring BIG-IP configuration files (11.x)"&nbsp;
My question is, what kind of SSL certificate/key pairs are they talking about ?. are them the BIG-IP key pairs used to communicate between BIG-IP appliances in HA ?, are them the keys from the certificate I use for SSL offloading ?, or both of them (all SSL certificate/keys pairs on the system ?&nbsp;
Thank-you.&nbsp;

nitass · Answer

i understand all is included.
[root@ve11c:Active:In Sync] config  tar tzvf /var/local/ucs/test.ucs |grep 'key\|crt'
-rw-r--r-- root/root        64 2014-11-23 17:26:35 config/bigip/kstore/.unitkey
drwx------ root/root         0 2014-12-29 20:28:35 config/httpd/conf/ssl.crt/
drwx------ root/root         0 2014-12-29 20:28:35 config/httpd/conf/ssl.key/
drwxr-xr-x root/root         0 2015-01-09 09:42:12 config/ssl/ssl.crt/
drwxr-xr-x root/root         0 2015-03-15 09:01:14 config/ssl/ssl.key/
lrwxrwxrwx root/root          0 2014-12-29 20:30:20 config/rndc.key -&gt; /var/named/config/rndc.key
drwxrwxrwx root/root          0 2015-02-19 18:57:40 var/tmp/filestore_temp/files_d/Common_d/certificate_key_d/
lrwxrwxrwx root/root          0 2015-03-15 09:53:53 var/tmp/filestore_temp/files_d/Common_d/certificate_key_d/:Common:default.key_16947_1 -&gt; /config/ssl/ssl.key/default.key
lrwxrwxrwx root/root          0 2015-03-15 09:53:53 var/tmp/filestore_temp/files_d/Common_d/certificate_key_d/:Common:default.key_17136_1 -&gt; /config/ssl/ssl.key/default.key
lrwxrwxrwx root/root          0 2015-03-15 09:53:53 var/tmp/filestore_temp/files_d/Common_d/certificate_key_d/:Common:default.key_17127_1 -&gt; /config/ssl/ssl.key/default.key
lrwxrwxrwx root/root          0 2015-03-15 09:53:53 var/tmp/filestore_temp/files_d/Common_d/certificate_key_d/:Common:default.key_17135_1 -&gt; /config/ssl/ssl.key/default.key
lrwxrwxrwx root/root          0 2015-03-15 09:53:53 var/tmp/filestore_temp/files_d/Common_d/certificate_key_d/:Common:default.key_17062_1 -&gt; /config/ssl/ssl.key/default.key
lrwxrwxrwx root/root          0 2015-03-15 09:53:53 var/tmp/filestore_temp/files_d/Common_d/certificate_d/:Common:default.crt_17132_1 -&gt; /config/ssl/ssl.crt/default.crt
lrwxrwxrwx root/root          0 2015-03-15 09:53:53 var/tmp/filestore_temp/files_d/Common_d/certificate_d/:Common:ca-bundle.crt_17134_1 -&gt; /config/ssl/ssl.crt/ca-bundle.crt
-rw-r--r-- root/root       9463 2014-11-29 23:08:32 var/tmp/filestore_temp/files_d/Common_d/certificate_d/:Common:chain.crt_39032_1
lrwxrwxrwx root/root          0 2015-03-15 09:53:53 var/tmp/filestore_temp/files_d/Common_d/certificate_d/:Common:default.crt_17131_1 -&gt; /config/ssl/ssl.crt/default.crt
lrwxrwxrwx root/root          0 2015-03-15 09:53:53 var/tmp/filestore_temp/files_d/Common_d/certificate_d/:Common:default.crt_17058_1 -&gt; /config/ssl/ssl.crt/default.crt
lrwxrwxrwx root/root          0 2015-03-15 09:53:53 var/tmp/filestore_temp/files_d/Common_d/certificate_d/:Common:ca-bundle.crt_17133_1 -&gt; /config/ssl/ssl.crt/ca-bundle.crt
lrwxrwxrwx root/root          0 2015-03-15 09:53:53 var/tmp/filestore_temp/files_d/Common_d/certificate_d/:Common:f5-irule.crt_17056_1 -&gt; /config/ssl/ssl.crt/f5-irule.crt
lrwxrwxrwx root/root          0 2015-03-15 09:53:53 var/tmp/filestore_temp/files_d/Common_d/certificate_d/:Common:default.crt_16943_1 -&gt; /config/ssl/ssl.crt/default.crt
lrwxrwxrwx root/root          0 2015-03-15 09:53:53 var/tmp/filestore_temp/files_d/Common_d/certificate_d/:Common:default.crt_17123_1 -&gt; /config/ssl/ssl.crt/default.crt
lrwxrwxrwx root/root          0 2015-03-15 09:53:53 var/tmp/filestore_temp/files_d/Common_d/certificate_d/:Common:f5-irule.crt_17129_1 -&gt; /config/ssl/ssl.crt/f5-irule.crt
lrwxrwxrwx root/root          0 2015-03-15 09:53:53 var/tmp/filestore_temp/files_d/Common_d/certificate_d/:Common:f5-irule.crt_17121_1 -&gt; /config/ssl/ssl.crt/f5-irule.crt
lrwxrwxrwx root/root          0 2015-03-15 09:53:53 var/tmp/filestore_temp/files_d/Common_d/certificate_d/:Common:ca-bundle.crt_17125_1 -&gt; /config/ssl/ssl.crt/ca-bundle.crt
lrwxrwxrwx root/root          0 2015-03-15 09:53:53 var/tmp/filestore_temp/files_d/Common_d/certificate_d/:Common:ca-bundle.crt_17060_1 -&gt; /config/ssl/ssl.crt/ca-bundle.crt
lrwxrwxrwx root/root          0 2015-03-15 09:53:53 var/tmp/filestore_temp/files_d/Common_d/certificate_d/:Common:f5-irule.crt_17130_1 -&gt; /config/ssl/ssl.crt/f5-irule.crt
lrwxrwxrwx root/root          0 2015-03-15 09:53:53 var/tmp/filestore_temp/files_d/Common_d/certificate_d/:Common:f5-irule.crt_16941_1 -&gt; /config/ssl/ssl.crt/f5-irule.crt
lrwxrwxrwx root/root          0 2015-03-15 09:53:53 var/tmp/filestore_temp/files_d/Common_d/certificate_d/:Common:ca-bundle.crt_16945_1 -&gt; /config/ssl/ssl.crt/ca-bundle.crt
drwxrwxrwx root/root          0 2015-01-09 09:42:12 var/tmp/filestore_temp/files_d/Common_d/trust_certificate_key_d/
-rw-r--r-- root/root       1704 2015-01-09 09:42:12 var/tmp/filestore_temp/files_d/Common_d/trust_certificate_key_d/:Common:dtca.key_37020_4
-rw-r--r-- root/root       1704 2014-11-23 17:42:34 var/tmp/filestore_temp/files_d/Common_d/trust_certificate_key_d/:Common:dtdi.key_37016_2
-rw-r--r-- root/root       1704 2014-12-25 00:27:05 var/tmp/filestore_temp/files_d/Common_d/ifile_d/:Common:keyfile1_85161_1
-rw-r--r-- root/root       1302 2015-01-09 09:42:12 var/tmp/filestore_temp/files_d/Common_d/trust_certificate_d/:Common:dtca.crt_37018_4
-rw-r--r-- root/root       1302 2015-02-19 18:58:52 var/tmp/filestore_temp/files_d/Common_d/trust_certificate_d/:Common:dtca-bundle.crt_37022_8
-rw-r--r-- root/root       1245 2015-01-09 09:42:12 var/tmp/filestore_temp/files_d/Common_d/trust_certificate_d/:Common:dtdi.crt_37014_4
drwx------ root/root          0 2015-03-15 09:53:53 var/tmp/cert_temp/ssl/ssl.key/
-rw------- root/root       1704 2015-03-15 09:53:53 var/tmp/cert_temp/ssl/ssl.key/default.key
drwx------ root/root          0 2015-03-15 09:53:53 var/tmp/cert_temp/ssl/ssl.crt/
-rw------- root/root       1338 2015-03-15 09:53:53 var/tmp/cert_temp/ssl/ssl.crt/default.crt
-rwx------ root/root    2206884 2015-03-15 09:53:53 var/tmp/cert_temp/ssl/ssl.crt/ca-bundle.crt
drwx------ root/root          0 2014-12-29 20:28:35 var/tmp/cert_temp/conf/ssl.key/
-rw------- root/root       1679 2014-11-23 17:25:42 var/tmp/cert_temp/conf/ssl.key/server.key
drwx------ root/root          0 2014-12-29 20:28:35 var/tmp/cert_temp/conf/ssl.crt/
-rw------- root/root       1464 2014-11-23 17:25:42 var/tmp/cert_temp/conf/ssl.crt/server.crt
-rw------- root/root       1468 1970-01-01 07:30:00 var/tmp/gtm_tmp/big3d/client.crt
-rw------- named/named     2389 2014-08-12 11:00:50 var/named/config/bind.keys
-rw------- named/named       77 2014-12-29 20:37:28 var/named/config/rndc.key

edouard_zorrill · Answer

Good to know. Thank-you,&nbsp;

Forum Discussion

UCS and Secure Socket Layer (SSL) certificate/key pairs

2 Replies

Recent Discussions

F5Access | MacOS Sonoma

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

F5 loadbalancer not working

Related Content

Using ChatGPT for security and introduction of AI security

F5 Venafi Solution for Enterprise Key and Certificate Management

ChatGPT and security - This Week in Security Feb 18th to Feb 25th, 2023

Avoiding Common iRules Security Pitfalls

Re: Automate import of SSL Certificate, Key & CRL from BIG-IP to BIG-IQ