Bug ID 507419: Category Lookup by Subject.CN cannot be used in Per-Request policies for reverse proxy use.

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3,,,,,,,, 12.1.4,, 12.1.5,,,, 12.1.6

Opened: Feb 17, 2015
Severity: 3-Major


Use of Category Lookup by Subject.CN in a reverse proxy configuration will result in a connection reset.


Category Lookup by Subject.CN cannot be used in per-request policies for reverse proxy use. This will require SSL profiles with SSL forward proxy deployed for correct operation.


Category Lookup by Subject.CN requires the configuration of SSL forward proxy. Without this in place, the Subject.CN cannot be retrieved for use with Category Lookup.


To work around the problem, you can use Category Lookup by SNI for equivalent functionality.

Fix Information


Behavior Change