Last Modified: Aug 29, 2025
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3, 17.1.1.4, 17.1.2, 17.1.2.1, 17.1.2.2
Opened: Jun 20, 2025 Severity: 3-Major
Clients are receiving certificates that are expired or invalid, leading to SSL handshake failures accompanied by security warnings.
Clients receiving expired/invalid certificates causes traffic disruption.
-- A virtual server configured with ClientSSL and ServerSSL profiles, both having SSL forward proxy enabled, experiences a change in system time (time advanced) due to a network glitch or issue.
From TMSH, Running the following command will delete the cached certificates associated with the specified virtual server and client SSL profile. (tmos)# delete ltm clientssl-proxy cached-certs virtual <name> clientssl-profile <name>
None