Bug ID 1327649: Invalid certificate order within cert-chain associated to JWK configuration

Last Modified: Jul 24, 2024

Affected Product(s):
BIG-IP APM (all modules)

Known Affected Versions:
16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3, 16.1.3.4, 16.1.3.5, 16.1.4, 16.1.4.1, 16.1.4.2, 16.1.4.3, 16.1.5, 17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3, 17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3

Opened: Aug 04, 2023

Severity: 2-Critical

Symptoms

An error occurs while validating the certificate and certificate chain in a JSON web key (JWK) configuration:

General error: 01071ca4:3: Invalid certificate order within cert-chain (/Common/mycert.crt) associated to JWK config (/Common/myjwk). in statement [SET TRANSACTION END]

Impact

You are unable to create a policy with key configuration for OAuth when the certificate chain contains more than two certificates.

Conditions

The issue occurs when the certificate chain contains three or more certificates. The proper issuing order is: endpointchild | endpoint | intermediate | ca

Workaround

Note that there is no impact when the certificate chain order is valid and contains only two certificates in the chain.

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips