Last Modified: Jun 19, 2025
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 14.1.4.4, 14.1.4.5, 14.1.4.6, 14.1.5, 14.1.5.1, 14.1.5.2, 14.1.5.3, 14.1.5.4, 14.1.5.6
Opened: Mar 24, 2023 Severity: 3-Major
If the key/cert names longer than 141 characters are used in the SSL profile and attached the profile to virtual server, when tried to connect to the server, then the SSL handshake requests fails with "invalid profile" error. In LTM logs, the profile validation fails with following errors: crit tmm1[15624]: 01260031:2: Profile <profilename> - cannot load key/cert/chain: <long-file-path-greater-than-141-characters>: Unable to load private key.
SSL handshake failure which in turn causes application failure.
-- Create cert/keys of length more than 141 characters (including the partition and subfolders length) -- Configure the cert/key inside server SSL profile. -- Attach the server SSL profile to the virtual server.
While attaching the cert/key to the server SSL profile ensure that the total length including the partition and sub folders length is less than 141 characters.
None