Bug ID 483328: Client SSL profiles might fail to complete handshake, system logs critical-level error '01260000:2: Profile name-of-profile: could not load key/certificate'

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP All(all modules)

Known Affected Versions:
11.3.0, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3

Fixed In:
12.0.0, 11.6.0 HF4, 11.5.2, 11.5.1 HF6

Opened: Oct 08, 2014
Severity: 3-Major
Related Article:


- SSL (e.g., HTTPS) virtual servers fail to negotiate SSL handshake. Operations on the device stall (not immediately fail). - At a packet capture level, the BIG-IP system acknowledges the Client Hello, but does not send a Server Hello. - System logs critical-level messages similar to the following whenever a user or the system modifies a virtual server: crit tmm[14270]: 01260000:2: Profile name-of-profile: could not load key/certificate.


All traffic to affected SSL virtual servers is disrupted.


This issue might occur after an upgrade at the time of the initial ConfigSync; the device that receives the initial ConfigSync is likely to be affected. This issue might also occur if an administrator makes changes to certificates and keys referenced by an SSL profile (for example, deletes and recreates a certificate or key with the same name), and then performs a ConfigSync to the peer device; the peer device may be affected.


After a device has been affected, restarting the affected TMMs resolves the issue. Note that restarting TMM temporarily disrupts traffic (or causes a failover). You can restart the TMMs by running 'bigstart restart tmm' on the affected appliance, or 'clsh bigstart restart tmm' on an affected VIPRION system.

Fix Information

SSL virtual servers now successfully negotiate SSL handshake, so the device no longer logs the following message: crit tmm[14270]: 01260000:2: Profile name-of-profile: could not load key/certificate.

Behavior Change