Last Modified: Apr 24, 2026
Affected Product(s):
BIG-IP LTM, SSLO
Known Affected Versions:
17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3, 17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3, 17.1.1.4, 17.1.2, 17.1.2.1, 17.1.2.2, 17.1.3, 17.1.3.1, 17.5.0, 17.5.1, 17.5.1.2, 17.5.1.3, 17.5.1.4, 17.5.1.5, 21.0.0, 21.0.0.1
Opened: Apr 21, 2026 Severity: 3-Major
Connections fail with alert(46) unknown certificate error The following is logged in /var/log/ltm "unable to build certificate trust chain for profile"
Dynamic CRLs cannot be used if backend servers are configured with self-signed certificates.
Serverssl profile that uses Dynamic CRL, and the backend servers are configured with self-signed certificates.
Add any self-signed certificates to the trusted CA of the ssl profile.
None