Bug ID 495836: SSL verification error occurs when using server side certificate.

Last Modified: Feb 13, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
11.4.1, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5

Fixed In:
12.0.0, 11.6.0 HF6

Opened: Dec 10, 2014
Severity: 3-Major
Related AskF5 Article:
K16610

Symptoms

SSL is stuck at signature check for server side certificates and hence can't complete the SSL handshake.

Impact

SSL handshake fails. The handshake hangs until the timeout.

Conditions

The issue can be seen when it meets the following conditions: 1. The backend server is Microsoft IIS or Netty. 2. serverSSL profile requires server side certificate authentication.

Workaround

To work around this issue, you can configure the back-end Netty based SSL servers to use a Certificate Authority (CA) signed certificate. Otherwise, do not use use 'peer-cert-mode require'.

Fix Information

SSL verification error no longer occurs when using server side certificate.

Behavior Change