Last Modified: Nov 07, 2022
Affected Product(s):
BIG-IP APM
Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1
Fixed In:
11.5.4 HF2
Opened: Apr 07, 2016 Severity: 3-Major
Windows Machine cert checker doesn't work as expected if issuer or AltName is specified. User cannot pass access policy even with valid machine cert. Logs in client PC can be produced, such as: EXCEPTION - CCertCheckCtrl::Verify FindCertificateInStore failed with error code: and CCertCheckCtrl::Verify, Store name:"MY", Store location:"LocalMachine", Subject match FQDN:"1", Allow elevation UI:"0", Serial number(HEX):"", Issuer:"??????????????????????", SubjectAltName:""
User may not pass policy as expected
Issuer or Subject AltName fields are populated. Site recently upgraded to 11.5.4.
N/A
Now Machine Cert checker correctly processes issuer and SAN fields.