Bug ID 452041: Machine Certificate Checker service always works in "Match Subject CN to FQDN" mode

Last Modified: Jan 07, 2026

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10

Opened: Mar 12, 2014

Severity: 3-Major

Related Article: K17178

Symptoms

Machine Certificate Checker service always fails to get a certificate and key if any rule is used except "Match Subject CN to FQDN."

Impact

Limited user fails to pass the AP.

Conditions

Machine Certificate Checker service installed Current user on client Windows machine is limited Machine Certificate Checker Agent configured to any other rule than "Match Subject CN to FQDN."

Workaround

Use power user and allow UAC elevation at Agent. Use "Match Subject CN to FQDN" rule.

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips