Bug ID 1369673: OCSP unable to staple certificate chain

Last Modified: Dec 05, 2024

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3, 16.1.3.4, 16.1.3.5, 16.1.4, 16.1.4.1, 16.1.4.2, 16.1.4.3, 17.0.0, 17.0.0.1, 17.0.0.2, 17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3, 17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3, 17.1.1.4

Fixed In:
17.1.2, 16.1.5

Opened: Oct 05, 2023

Severity: 3-Major

Symptoms

When a server returns a certificate chain that involves an archived Let's Encrypt certificate, the OCSP is unable to staple the full chain.

Impact

The OCSP is unable to staple the certificate chain. If the stapling is required by the client, the connection will be broken.

Conditions

An OCSP is configured on the serverside profile, and the client tries to connect to a server that returns certificate chain using an archived Let's Encrypt certificate.

Workaround

None

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips