Last Modified: May 29, 2024
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
14.0.1, 14.0.0.5, 14.0.0.4, 14.0.0.3, 14.0.0.2, 14.0.0.1, 14.0.0, 13.1.3.6, 13.1.3.5
Fixed In:
14.1.0.1, 14.1.0
Opened: Oct 03, 2018 Severity: 3-Major
When you create an EC-key-cert-only client SSL profile and attach it to the virtual server, TMM marks the profile as invalid and reports an error in /var/log/ltm: -- crit tmm[16024]: 01260000:2: Profile /Common/c.f: could not load default key file; invalidating profile.
The system marks that client SSL profile invalid, rendering it unusable.
The issue is seen when the following conditions are met: -- An EC-type cert/key pair is configured on the client SSL profile. -- Forward proxy is enabled in the client SSL profile. -- No RSA key cert is configured on the client SSL profile.
Also configure an RSA-type key cert on the client SSL profile.
The client SSL profile no longer has the restriction for key/cert type when forward proxy is enabled.