Bug ID 478592: When using the SSL forward proxy feature, clients might be presented with expired certificates.

Last Modified: Feb 13, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4

Fixed In:
12.0.0, 11.6.0 HF5, 11.5.3 HF2, 11.4.1 HF10

Opened: Sep 09, 2014
Severity: 2-Critical
Related AskF5 Article:
K16798

Symptoms

When SSL forward proxy feature is enabled, the certificates cached might not expire at the right time resulting in expired certificates being presented to the clients.

Impact

Incorrect certificates are presented to the clients.

Conditions

When using the SSL forward proxy feature.

Workaround

Manually delete the cached certs in: show ltm clientssl-proxy cached-certs.

Fix Information

Cached certificates are now handled correctly.

Behavior Change