Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP APM
Fixed In:
11.5.4 HF2
Opened: Apr 07, 2016 Severity: 3-Major
Windows Machine cert checker doesn't work as expected if issuer or AltName is specified. User cannot pass access policy even with valid machine cert. Logs in client PC can be produced, such as: EXCEPTION - CCertCheckCtrl::Verify FindCertificateInStore failed with error code: and CCertCheckCtrl::Verify, Store name:"MY", Store location:"LocalMachine", Subject match FQDN:"1", Allow elevation UI:"0", Serial number(HEX):"", Issuer:"??????????????????????", SubjectAltName:""
User may not pass policy as expected
Issuer or Subject AltName fields are populated. Site recently upgraded to 11.5.4.
N/A
Now Machine Cert checker correctly processes issuer and SAN fields.