Bug ID 437820: Machine certificate check on Mac OS X doesn't select the certificate if only the certificate is present and the key is missing.

Last Modified: Oct 06, 2020

Bug Tracker

Affected Product:
BIG-IP APM (all modules)

Known Affected Versions:
11.4.0, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11

Fixed In:
11.6.0, 11.5.1 HF2, 11.5.0 HF1, 11.4.1 HF4, 11.4.0 HF8

Opened: Nov 14, 2013
Severity: 3-Major
Related AskF5 Article:
K16156

Symptoms

The machine certificate check specifies three branches: "Successful", "found", and "fallback". "Successful" means that both the certificate and the key are found, "found" means that only the certificate was found, and "fallback" means that neither was found. However, if only the certificate (not the key) is present in the keychain, the "fallback" branch is used instead of the "found" branch, which is wrong.

Impact

Users who have only the certificate and not the key will not go through the "found" branch, and hence may be denied access, depending on the access policy configuration.

Conditions

Machine certificate check on Mac OS X 10.7 and above.

Workaround

None

Fix Information

The machine certificate check on Mac OS X now correctly lets clients for which only a certificate, and not the key, is found go through the "found" branch.

Behavior Change