Last Modified: Jun 19, 2025
Affected Product(s):
BIG-IP All
Known Affected Versions:
11.0.0, 11.1.0, 11.2.0, 11.2.1, 11.3.0
Opened: Oct 24, 2014 Severity: 3-Major
If a key/cert pair is already configured in a profile, and somehow the key is recreated with the same name but without the certificate, the operation overwrites the original key file. At this point, the profile cannot detect that the key/cert combination do not match.
The BIG-IP system posts an alert indicating the key/cert mismatch, and the loading operation fails.
This occurs in profiles configured prior to version 11.3.0 when the configured key does not correspond to the configured cert.
1. Before saving the UCS, unconfigure the mismatching key/cert pair from the profile. 2. Configure another pair of key/cert (a newly generated pair is suggested). 3. Save the UCS.
None