Last Modified: Oct 19, 2025
Affected Product(s):
F5OS F5OS, F5OS-A, Install/Upgrade
Known Affected Versions:
F5OS-A 1.4.0, F5OS-A 1.5.0, F5OS-A 1.5.1, F5OS-A 1.5.2, F5OS-A 1.5.3, F5OS-A 1.5.4, F5OS-A 1.7.0, F5OS-A 1.8.0, F5OS-A 1.8.3
Opened: Oct 11, 2024 Severity: 3-Major
After an upgrade from F5OS-A 1.3.2 or earlier to F5OS-A 1.4.0 or later, if the configuration contains a CA bundle with an invalid PEM certificate in it, the F5OS GUI and API will be inaccessible. When this occurs, the HTTP server (htpd) will not be running and log messages similar to the following will be in /var/log/httpd/ssl_error_log: [Sun Oct 13 00:00:00.408461 2024] [ssl:emerg] [pid 89] AH01895: Unable to configure verify locations for client authentication [Sun Oct 13 00:00:00.408486 2024] [ssl:emerg] [pid 89] SSL Library Error: error:0B084009:x509 certificate routines:X509_load_cert_crl_file:PEM lib
The F5OS GUI and API will be inaccessible.
-- F5OS system upgraded from F5OS-A 1.3.2 or earlier to F5OS-A 1.4.0 or later -- System has CA bundles configured, and one of the CA bundles configured includes an incorrectly-formatted certificate file; for instance, the "-----END CERTIFICATE-----" line is missing a trailing hyphen.
From the F5OS CLI, correct the configuration problem with the CA bundle, e.g. remove the invalid CA bundle, or remove the invalid PEM certificate from the CA bundle, or correct the issue with the CA bundle.
None