Last Modified: Jul 08, 2025
Affected Product(s):
F5OS F5OS, F5OS-A, F5OS-C, Velos
Known Affected Versions:
F5OS-A 1.5.0, F5OS-A 1.5.1, F5OS-A 1.5.2, F5OS-A 1.5.3, F5OS-A 1.7.0, F5OS-A 1.8.0, F5OS-C 1.6.2, F5OS-C 1.8.0, F5OS-C 1.8.1
Opened: Oct 11, 2024 Severity: 3-Major
F5OS may accept CA bundle configurations that include incorrectly-formatted PEM certificates. If this occurs, the HTTP server (httpd) will fail to start and the ssl_error_log will have messages similar to the following: [Sun Oct 13 00:00:00.408461 2024] [ssl:emerg] [pid 89] AH01895: Unable to configure verify locations for client authentication [Sun Oct 13 00:00:00.408486 2024] [ssl:emerg] [pid 89] SSL Library Error: error:0B084009:x509 certificate routines:X509_load_cert_crl_file:PEM lib These errors will be in: - /var/log/httpd/ssl_error_log on an rSeries appliance - /var/log_controller/ssl_error_log for a VELOS system controller - /var/F5/partition<X>/log/httpd/ssl_error_log for a VELOS partition
The F5OS GUI and API will be inaccessible.
-- Configuring a CA bundle in F5OS that contains a valid PEM certificates followed by incorrectly-formatted PEM certificates.
From the F5OS CLI, correct the configuration problem with the CA bundle, e.g. remove the invalid CA bundle, or remove the invalid PEM certificate from the CA bundle, or correct the issue with the CA bundle.
None