Bug ID 514636: SWG Category Lookup using Subject.CN results in a crash if the certificate presented does not have a Subject.CN.

Last Modified: Oct 17, 2023

Affected Product(s):
BIG-IP SWG(all modules)

Known Affected Versions:
11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2 HF1, 11.5.3 HF1, 11.5.3 HF2, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 12.1.0 HF1, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:
12.0.0, 11.6.0 HF5

Opened: Mar 26, 2015

Severity: 3-Major

Related Article: K17137


When accessing HTTPS websites (via SWG) that present a certificate without a CN in the subject, a TMM crash occurs.


Traffic disrupted while tmm restarts.


SWG explicit or transparent proxy using Category Lookup in the per-request access policy with Subject.CN as input. The crash only happens when accessing a site that has no CN in the Certificate's subject - this is not a common condition.


Use Category lookup with SNI as input.

Fix Information

When Category Lookup is configured to use Subject.CN as input, if the certificate subject does not contain a CN, APM processes the error correctly by logging an error.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips