Bug ID 532096: Machine Certificate Checker is not backward compatible with 11.4.1 (and below) when MatchFQDN rule is used

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
11.4.1, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5

Fixed In:
12.0.0, 11.6.0 HF6, 11.5.3 HF2

Opened: Jul 07, 2015
Severity: 3-Major

Symptoms

Machine Certificate Checker (client side) is not backward compatible with BIG-IP 11.4.1 and earlier when MatchFQDN rule is used

Impact

Machine Certificate checker agent may fail. Policy goes wrong way.

Conditions

Machine Certificate checker agent uses MatchFQDN rule in Access Policy of BIG-IP version 11.4.1 and earlier. New BIG-IP Edge Client (version greater than 11.4.1) is used against old BIG-IP.

Workaround

None

Fix Information

Fixed issue causing Machine Certificate checker agent backward incompatibility.

Behavior Change