Bug ID 437820: Machine certificate check on Mac OS X doesn't select certificate if only certificate is present and key is missing.

Last Modified: Nov 07, 2022

Affected Product:
BIG-IP APM (all modules)

Known Affected Versions:
11.4.0, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11

Fixed In:
11.6.0, 11.5.1 HF2, 11.5.0 HF1, 11.4.1 HF4, 11.4.0 HF8

Opened: Nov 14, 2013
Severity: 3-Major

The machine certificate check specifies three branches: "Successful", "found", and "fallback". "Successful" means that both the certificate and the key were found, "found" means that only the certificate was found, and "fallback" means that neither was found. However, if only the certificate (not the key) is present in the keychain, the "fallback" branch is used instead of the "found" branch, which is wrong.


Users who have only the certificate and not the key will not go through the "found" branch, and hence may be denied access depending on the access policy configuration.


Affects the machine certificate check on Mac OS X 10.7 and above.



Fix Information

The machine certificate check on Mac OS X now correctly lets clients for which only a certificate, and not the key, is found go through the "found" branch.

Behavior Change