Bug ID 614675: GUI or iControl SOAP API call 'LocalLB::ProfileClientSSL::create_v2' creates invalid profile

Last Modified: Apr 10, 2019


Affected Product:
BIG-IP TMOS(all modules)

Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2

Fixed In:
11.5.4 HF3

Opened: Sep 06, 2016
Severity: 3-Major

Symptoms

1. Using the GUI or an iControl SOAP call can create an invalid client SSL profile containing an empty cert-key-chain. This might occur after following these steps:

   -- Create new client-ssl cert from the GUI (the web-based UI).
   -- Check 'Custom' in 'Certificate Key Chain', but do not add anything.
   -- Click Finished.

   The system creates the following:

       ltm profile client-ssl /Common/cssl {
           app-service none
           cert none
           cert-key-chain {
               "" { }
               defualt_rsa_ckc {      <=== a typo "defualt"
                   cert /Common/default.crt
                   key /Common/default.key
               }
           }
           <snip>
       }

2. Using the iControl function 'LocalLB::ProfileClientSSL::create_v2' creates a profile with two cert-key-chain objects containing identical cert and key values, but with different names:

       ltm profile client-ssl my_prof {
           app-service none
           cert mycert.crt
           cert-key-chain {
               "" {
                   cert mycert.crt
                   key mycert.key
               }
               defualt_rsa_ckc {      <=== a typo "defualt"
                   cert mycert.crt
                   key mycert.key
               }
           }
           chain none
           inherit-certkeychain false
           key mycert.key
           passphrase none
       }

Impact

Cannot add the invalid client SSL profile to a virtual server.

Conditions

Creating client SSL profiles using the GUI or the iControl function create_v2().

Workaround

Remove the invalid client SSL profile and re-create the profile using TMSH or the GUI.
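
To locate profiles that need this workaround, the following check (an added example, not F5 code) scans client SSL profile text in the multi-line layout shown under Symptoms and reports profiles with an empty-named cert-key-chain entry or the misspelled 'defualt' entry. The function name and sample profiles are constructed for illustration, and the parser assumes braces never appear inside quoted values.

```python
# Constructed sample in the layout shown under Symptoms (not real device output).
SAMPLE = """\
ltm profile client-ssl /Common/cssl {
    cert-key-chain {
        "" { }
        defualt_rsa_ckc {
            cert /Common/default.crt
            key /Common/default.key
        }
    }
}
ltm profile client-ssl /Common/ok_prof {
    cert-key-chain {
        default {
            cert /Common/default.crt
            key /Common/default.key
        }
    }
}
"""

PREFIX = "ltm profile client-ssl "

def find_invalid_profiles(config_text):
    """Return {profile_name: [problem, ...]} for profiles showing the bug's symptoms."""
    findings, stack = {}, []   # stack holds names of open blocks, outermost first
    for raw in config_text.splitlines():
        line = raw.strip()
        head, brace, tail = line.partition("{")
        if brace:
            stack.append(head.strip())
            # Depth 3 is: profile block > cert-key-chain > one named entry.
            if (len(stack) == 3 and stack[0].startswith(PREFIX)
                    and stack[1] == "cert-key-chain"):
                profile, entry = stack[0][len(PREFIX):], stack[2]
                if entry in ('""', ""):
                    findings.setdefault(profile, []).append("empty cert-key-chain name")
                elif entry.startswith("defualt"):
                    findings.setdefault(profile, []).append("misspelled entry " + entry)
        else:
            tail = line
        for _ in range(tail.count("}")):   # also closes inline forms such as: "" { }
            if stack:
                stack.pop()
    return findings

if __name__ == "__main__":
    for name, problems in find_invalid_profiles(SAMPLE).items():
        print(name, "->", "; ".join(problems))
```

A profile reported here matches either symptom 1 (empty entry with no cert or key) or symptom 2 (empty-named entry duplicating the cert and key).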

Fix Information

The GUI or iControl SOAP API call 'LocalLB::ProfileClientSSL::create_v2' no longer creates an invalid profile when creating client SSL profiles using the iControl function create_v2(). In addition, 'defualt' has been changed to 'default', as expected.

Behavior Change