Bug ID 2044457: BIG-IP aborts SSL session with unknown certificate even when Client Certificate is set to "Request" and using Dynamic CRL

Last Modified: Sep 02, 2025

Affected Product(s):
BIG-IP LTM (all modules)

Known Affected Versions:
16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3, 16.1.3.4, 16.1.3.5, 16.1.4, 16.1.4.1, 16.1.4.2, 16.1.4.3, 16.1.5, 16.1.5.1, 16.1.5.2, 16.1.6, 17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3, 17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3, 17.1.1.4, 17.1.2, 17.1.2.1, 17.1.2.2, 17.5.0, 17.5.1

Opened: Aug 27, 2025

Severity: 4-Minor

Symptoms

SSL handshakes fail with the following in /var/log/ltm:

err tmm[11141]: 01a40008:3: Unable to build certificate trust chain for profile <profile name>
warning tmm[11141]: 01260009:4: Connection error: ssl_hs_do_crl_validation:7260: alert(46) unknown certificate error
warning tmm[11141]: 01260013:4: SSL Handshake failed for TCP
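
To check whether a device is logging this signature, the following added example (not F5 code) scans /var/log/ltm lines for a 01a40008 trust-chain error followed by the alert(46) from ssl_hs_do_crl_validation on the same tmm process, and counts hits per profile. The function name and the sample's timestamps, host name, profile names and tmm1/tmm2 lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Message IDs, function name and alert number come from the log excerpt above.
TRUST_CHAIN = re.compile(
    r"(tmm\d*\[\d+\]): 01a40008:3: Unable to build certificate trust chain "
    r"for profile (.+?)\s*$")
CRL_ALERT = re.compile(
    r"(tmm\d*\[\d+\]): 01260009:4: Connection error: "
    r"ssl_hs_do_crl_validation:\d+: alert\(46\)")


def find_signature(lines):
    """Count handshakes matching the bug signature, keyed by profile name.

    A hit is a 01a40008 trust-chain error followed, from the same tmm
    process, by a 01260009 alert(46) raised in ssl_hs_do_crl_validation.
    Pairing by process is a heuristic: interleaved handshakes on one tmm
    can attribute an alert to the most recently logged profile.
    """
    pending = {}      # tmm process -> profile from its last 01a40008 line
    hits = Counter()
    for line in lines:
        m = TRUST_CHAIN.search(line)
        if m:
            pending[m.group(1)] = m.group(2)
            continue
        m = CRL_ALERT.search(line)
        if m:
            profile = pending.pop(m.group(1), None)
            if profile is not None:
                hits[profile] += 1
    return dict(hits)


# Constructed sample: only the message text follows the excerpt on this page.
SAMPLE = """\
Aug 27 10:15:01 bigip1 err tmm[11141]: 01a40008:3: Unable to build certificate trust chain for profile /Common/clientssl_req
Aug 27 10:15:01 bigip1 warning tmm[11141]: 01260009:4: Connection error: ssl_hs_do_crl_validation:7260: alert(46) unknown certificate error
Aug 27 10:15:01 bigip1 warning tmm[11141]: 01260013:4: SSL Handshake failed for TCP
Aug 27 10:16:40 bigip1 err tmm1[11141]: 01a40008:3: Unable to build certificate trust chain for profile /Common/clientssl_other
Aug 27 10:16:55 bigip1 warning tmm2[11141]: 01260009:4: Connection error: ssl_hs_do_crl_validation:7260: alert(46) unknown certificate error
Aug 27 10:17:02 bigip1 err tmm[11141]: 01a40008:3: Unable to build certificate trust chain for profile /Common/clientssl_req
Aug 27 10:17:02 bigip1 warning tmm[11141]: 01260009:4: Connection error: ssl_hs_do_crl_validation:7260: alert(46) unknown certificate error
""".splitlines()

if __name__ == "__main__":
    for profile, count in find_signature(SAMPLE).items():
        print(f"{profile}: {count} handshake(s) match the signature")
```

Profiles reported here are candidates for the conditions listed below: Client Certificate set to "Request" together with a Dynamic CRL.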

Impact

TLS sessions cannot be established with the BIG-IP when the client certificate is not signed by a trusted CA.

Conditions

A client profile has the Client Certificate setting set to "Request" and uses a Dynamic CRL. A client connects to the BIG-IP with a certificate that is not signed by a trusted CA.

Workaround

None

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips