Last Modified: Oct 22, 2025
Affected Product(s):
F5OS F5OS-A
Fixed In:
F5OS-A 1.8.3
Opened: Aug 06, 2025
Severity: 1-Blocking
When Full Disk Encryption (FDE) is enabled, the system may be unable to communicate with the KMIP server after a reboot if the configured CA certificate includes more than one CA block (i.e., a certificate chain). This results in the drives remaining in a locked state.
After a reboot, the system may fail to establish a connection with the KMIP server using the chained certificate. As a result, the encrypted drives remain locked and inaccessible.
This issue occurs when the user configures FDE using a CA certificate that contains a certificate chain (multiple CA blocks).
Configure only a single CA certificate (no chaining) to avoid this issue.
Added validation checks that allow only a single CA block in the CA certificate when configuring FDE.
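A pre-configuration check for the single-CA-block condition described above, as an added example; it is not F5's validation code. It assumes the CA certificate is supplied as PEM text, and the function names and sample blocks are constructed for illustration.

```python
import base64
import re

# PEM framing for X.509 certificates (RFC 7468).
_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----",
    re.DOTALL,
)

def ca_blocks(pem_text):
    """Return the decoded body of every CERTIFICATE block in pem_text."""
    begins = pem_text.count("-----BEGIN CERTIFICATE-----")
    ends = pem_text.count("-----END CERTIFICATE-----")
    if begins != ends:
        raise ValueError(f"unbalanced PEM markers: {begins} BEGIN, {ends} END")
    bodies = []
    for match in _BLOCK.finditer(pem_text):
        der = base64.b64decode("".join(match.group(1).split()), validate=True)
        if not der.startswith(b"\x30"):  # a DER certificate is an ASN.1 SEQUENCE
            raise ValueError("block does not decode to a DER SEQUENCE")
        bodies.append(der)
    return bodies

def check_single_ca(pem_text):
    """Return (ok, message) for the single-CA-block condition."""
    try:
        count = len(ca_blocks(pem_text))
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        return False, f"invalid PEM: {exc}"
    if count == 1:
        return True, "1 CA block: single certificate"
    if count == 0:
        return False, "no CA block found"
    return False, f"{count} CA blocks: certificate chain"

def _fake_block(seed):
    # Constructed placeholder: PEM framing around dummy bytes, not a real certificate.
    der = b"\x30\x82\x01\x00" + bytes([seed]) * 60
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")

SINGLE = _fake_block(1)                 # constructed: one CA block
CHAIN = _fake_block(1) + _fake_block(2)  # constructed: two CA blocks (a chain)

if __name__ == "__main__":
    for name, text in (("single", SINGLE), ("chain", CHAIN)):
        print(name, check_single_ca(text))
```

The check inspects PEM framing only; it does not verify signatures, validity dates, or that the certificate is a CA.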