Bug ID 464651: Multiple root certificates with same 'subject' and 'issuer' may cause the tmm to core.

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
10.2.4, 11.3.0, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4

Fixed In:
11.6.0 HF5, 11.5.4, 11.4.1 HF6

Opened: May 28, 2014
Severity: 3-Major
Related Article:
K16636

Symptoms

Two or more root certificates with the same 'subject' and 'issuer' but different serial numbers may cause the tmm to core. The core was due to an assert failure in size caused by a loop in certificate chain construction.

Impact

Traffic disrupted while tmm restarts.

Conditions

When multiple certificates with the same 'subject' and 'issuer' are in a CA file, and the CA file is configured in SSL profile as trusted CAs.

Workaround

Keep only one certificate for a given 'subject' and 'issuer' in CA file. Do not leave two certificates with the same 'subject' and 'issuer' in a CA file.

Fix Information

Resolved a failure when the customer installs another self-signed certificate with same subject/issuer before a self-signed certificate expires.

Behavior Change