Bug ID 437820: Machine certificate check on Mac OS X doesn't select certificate if only certificate is present and key is missing.

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP APM (all modules)

Known Affected Versions:
11.6.1 HF2, 11.6.2 HF1, 11.4.0

Fixed In:
11.6.0, 11.5.1 HF2, 11.5.0 HF1, 11.4.1 HF4, 11.4.0 HF8

Opened: Nov 14, 2013

Severity: 3-Major

Related Article: K16156

Symptoms

The machine certificate check specifies three branches: "Successful", "found", and "fallback". "Successful" means that both the certificate and the key are found, "found" means only the certificate was found, and "fallback" means neither was found. However, if only the certificate (not the key) is present in the keychain, the "fallback" branch is used instead of the "found" branch, which is wrong.

Impact

Users who have only the certificate and not the key will not go through the "found" branch, and hence may be denied access, depending on the access policy configuration.

Conditions

Machine certificate check on Mac OS X 10.7 and above.

Workaround

None

Fix Information

The machine certificate check on Mac OS X now correctly lets clients for which only a certificate, and not the key, is found go through the "found" branch.

Behavior Change
