CirrostratusHi guys, anybody know or encountered this already in v14?
Could not list EM ceritifcate directory '/shared/em/ssl.crt' in function LoadEmCertificates: Permission denied
NoctilucentCan you try with root password. But EM doesn't support v13 and above version of F5 device as per F5 support.
Cirrostratus@f5_rock the logs were seen in F5 GTM, I don't why it is complaining on the cert and logging this error.
Jan 28 03:30:46 f5ext1.adb.org err big3d[5192]: 12b10000:3: Could not list EM ceritifcate directory '/shared/em/ssl.crt' in function EmCertsModified: Permission denied Jan 28 03:30:46 f5ext1.adb.org err big3d[5192]: 12b10000:3: Could not list EM ceritifcate directory '/shared/em/ssl.crt' in function LoadEmCertificates: Permission denied
NoctilucentThere could be issue with big3d version mismatch. Can you raise support case for this because EM is EOS from F5.
Cirrostratus@f5_rock yes that is my next action :)
NimbostratusHello,
you resolved this case?
Faced with the same messages in logs...
CirrostratusHi i don't remember 100% how we resolved this. But one thing I remember is that when we have successfully established GTM comminucation & iQuery, after a week my client changed the certificate uploaded on all of the GTMs and that is what caused the issue(i think). So what we did was, renew the device certs on all gtm devices and established GTM & iQuery again.
CirrusHi Alexandr,
Have you resolved the issue? We have migrated EM to BIG-IQ almost few month back.
But not sure why this message coming every 10 Sec.
Any leads?
MVP
Do you have any EM in your infra. The /shared/em/ssl.crt/ is a folder.
This folder has certain EM certs in it. abchostname.crt could be the hostname of an EM in your infra. So that EM's cert would reside on the F5 devices for communication. If the cert does not exist, it means the EM could not establish communication with the F5 device.
Cirrusyeah, i checked 14.1.2.1 latest release, its a known issue. But there is no any workaround yet. So not sure after upgrading to 14.1.2.1 will resolve our issue. We are already on 14.1.2
Known Issues in BIG-IP v14.1.x
807913 : The word 'ceritifcate' is misspelled in an error message
Component: Enterprise Manager
Symptoms:
The word 'ceritifcate' should be spelled 'certificate' in the error message:
err big3d[5725]: 12b10000:3: Could not list the ceritifcate directory '/shared/em/ssl.crt' in function EmCertsModified: Permission denied.
Conditions:
This message is produced by big3d when attempting to re-read the certificate file after it realises the timestamp of the file has changed.
Impact:
There is no functional impact to the system. This is an error message that needs updating. In addition, the inclusion of the term 'EM' is erroneous, and you can ignore it.
Workaround:
None.
CirrusYes, Its know bug. You may upgrade to 14.1.2.1-0.0.4 or just simply ignore. For bug information please check latest release notes.