Bug ID 2140909: BIG-IQ: Enable F5 Trusted CA store avoid CA pinning

Last Modified: Feb 02, 2026

Affected Product(s):
BIG-IQ Platform(all modules)

Known Affected Versions:
8.3.0, 8.4.0

Opened: Oct 29, 2025

Severity: 2-Critical

Symptoms

F5 products can only successfully connect to web services with Entrust SSL certificates, and Entrust has ceased CA operations.

Impact

F5 devices are not able to download the blended CA bundle.

Conditions

The file /config/ssl/ssl.crt/f5-ca-bundle.crt contains only a single Entrust Root CA certificate.

Workaround

Manually upgrade f5-ca-bundle.crt, follow this KB article for detailed steps https://my.f5.com/manage/s/article/K000157916

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips