Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP APM
Known Affected Versions:
11.6.1 HF2, 11.6.2 HF1, 11.4.0
Fixed In:
11.6.0, 11.5.1 HF2, 11.5.0 HF1, 11.4.1 HF4, 11.4.0 HF8
Opened: Nov 14, 2013 Severity: 3-Major Related Article:
K16156
Machine certificate check specifies three branches, "Successful", "found", "fallback". Successful means that both certificate and keys are found, "found" means only the certificate was found and "fallback" means neither was found. However, if only the certificate (not the key) is present in the keychain then the "fallback" branch is used instead of the "found" branch which is wrong.
Users who only have certificate and not the key will not go through "found" branch, hence may be denied access depending on the access policy configuration.
Machine certificate check and Mac OS X 10.7 and above.
None
The machine certificate check on Mac OS X now correctly lets clients, for which only a certificate and not the key are found, go through the "found" branch.