Bug ID 614675: GUI or iControl SOAP API call 'LocalLB::ProfileClientSSL::create_v2' creates invalid profile

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP TMOS(all modules)

Fixed In:
11.5.4 HF3

Opened: Sep 06, 2016

Severity: 3-Major


1. Using the GUI or an iControl SOAP call can create invalid client SSL profile containing an empty cert-key-chain. This might occur after following these steps: -- Create new client-ssl cert from the GUI (the web-based UI). -- Check 'Custom' in 'Certificate Key Chain', but do not add anything. -- Click Finished. The system creates the following: ltm profile client-ssl /Common/cssl { app-service none cert none cert-key-chain { "" { } defualt_rsa_ckc { <=== a typo "defualt" cert /Common/default.crt key /Common/default.key } } <snip> } 2. Using the iControl function 'LocalLB::ProfileClientSSL::create_v2' creates a profile with two cert-key-chain objects containing identical cert and key values, but with different names: ltm profile client-ssl my_prof { app-service none cert mycert.crt cert-key-chain { "" { cert mycert.crt key mycert.key } defualt_rsa_ckc { <=== a typo "defualt" cert mycert.crt key mycert.key } } chain none inherit-certkeychain false key mycert.key passphrase none }


Cannot add the invalid client SSL profile to a virtual server.


Creating client SSL profiles using the GUI or the iControl function create_v2().


Remove the invalid client SSL profile and re-create the profile using TMSH or the GUI.

Fix Information

GUI or iControl SOAP API call 'LocalLB::ProfileClientSSL::create_v2' no longer creates an invalid profile when creating client SSL profiles using the iControl function create_v2(). In addition, 'defualt' has been changed to 'default', as expected.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips