Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
11.2.1, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 13.0.0
Fixed In:
13.1.0, 13.0.0 HF1, 12.1.3.4, 11.6.4, 11.5.9
Opened: Mar 29, 2017
Severity: 3-Major
Related Article:
K15732489
No error is reported when the profile is associated with an invalid Certificate Revocation List (CRL) that is not signed by a trusted CA, if the CRL issuer has the same subject name as one of the certificates in the trusted CA bundle.
No error is reported for an invalid CRL.
This occurs when associating CRLs with virtual servers.
The OpenSSL command can be used to check whether the CRL is signed by a trusted CA. The command to verify a CRL against a CA file is as follows:
    openssl crl -CAfile <path to the CA certificate bundle/file> -noout -in <path to CRL file>
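The condition described above, reproduced with the same openssl crl check. This is an added example, not F5's code: the subject name, directory layout and function names are constructed for illustration, and it assumes the openssl command-line tool is installed. It builds two throwaway CAs that share one subject name but have different keys, then checks each CA's CRL against a bundle that trusts only the first.

```shell
#!/usr/bin/env bash
# Constructed demo: two CAs with the SAME subject name but different keys.
SUBJ="/O=Example/CN=Constructed Test CA"   # constructed value, not from the article

# Build a throwaway CA in directory $1 and issue an empty CRL from it.
make_ca_with_crl() {
    local d="$1"
    mkdir -p "$d" && : > "$d/index.txt"
    cat > "$d/ca.cnf" <<EOF
[req]
distinguished_name = dn
[dn]
[ca]
default_ca = demo_ca
[demo_ca]
database = $d/index.txt
default_md = sha256
default_crl_days = 30
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "$SUBJ" \
        -config "$d/ca.cnf" -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
    openssl ca -gencrl -config "$d/ca.cnf" -keyfile "$d/ca.key" \
        -cert "$d/ca.crt" -out "$d/crl.pem" 2>/dev/null
}

# Return 0 only if the CRL's signature verifies against a CA in bundle $1.
# Matches the "verify OK" message rather than relying on exit status alone.
crl_signed_by_trusted_ca() {
    openssl crl -CAfile "$1" -noout -in "$2" 2>&1 | grep -q "verify OK"
}

crl_issuer() { openssl crl -noout -issuer -in "$1"; }

demo() {
    local w c; w=$(mktemp -d)
    make_ca_with_crl "$w/trusted" && make_ca_with_crl "$w/other" || return 2
    echo "issuer (trusted): $(crl_issuer "$w/trusted/crl.pem")"
    echo "issuer (other):   $(crl_issuer "$w/other/crl.pem")"
    for c in trusted other; do
        if crl_signed_by_trusted_ca "$w/trusted/ca.crt" "$w/$c/crl.pem"
        then echo "$c CRL: signed by trusted CA"
        else echo "$c CRL: NOT signed by trusted CA"; fi
    done
    rm -rf "$w"
}
demo
```

Both CRLs print the same issuer line, so comparing issuer names cannot tell them apart; only the signature check separates the two.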
An error is reported in the TMM logs if the CRL is not signed by a trusted CA.