Last Modified: Nov 07, 2022
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
11.4.1, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4
Fixed In:
12.0.0, 11.6.0 HF5, 11.5.4 HF3, 11.4.1 HF9
Opened: Jan 05, 2015 Severity: 3-Major Related Article:
K16850453
Bug 464651 fixed a loop issue that occurred when building a certificate chain caused by an invalid configuration in certificates. That fix unintentionally excluded the root certificate in the chain. While it is still a valid certificate chain, it does result in a change-in-behavior issue that is unacceptable in certain cases.
In some instances, the root certificate must be included in the certificate chain. In other cases, the certificate validation fails.
This occurs in versions containing the fix for Bug 464651 (11.4.1, 11.5.4).
None.
This fix restores the previous behavior by including the root certificate in the chain.