Bug ID 464651: Multiple root certificates with same 'subject' and 'issuer' may cause the tmm to core.

Last Modified: Oct 16, 2023

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
10.2.4, 11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2 HF1, 11.5.3 HF1, 11.5.3 HF2, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.3.0, 11.4.1, 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3

Fixed In:
11.6.0 HF5, 11.5.4, 11.4.1 HF6

Opened: May 28, 2014

Severity: 3-Major

Related Article: K16636

Symptoms

Two or more root certificates with the same 'subject' and 'issuer' but different serial numbers may cause the tmm to core. The core was due to an assert failure in size caused by a loop in certificate chain construction.

Impact

Traffic disrupted while tmm restarts.

Conditions

When multiple certificates with the same 'subject' and 'issuer' are in a CA file, and the CA file is configured in SSL profile as trusted CAs.

Workaround

Keep only one certificate for a given 'subject' and 'issuer' in CA file. Do not leave two certificates with the same 'subject' and 'issuer' in a CA file.

Fix Information

Resolved a failure when the customer installs another self-signed certificate with same subject/issuer before a self-signed certificate expires.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips