Bug ID 754541: Reconfiguring an iApp that uses a client SSL profile fails

Last Modified: May 23, 2019

Bug Tracker

Affected Product:  See more info
iApps All(all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2

Fixed In:
15.0.0, 14.1.0.3

Opened: Jan 03, 2019
Severity: 2-Critical

Symptoms

As a result of this issue, you may encounter one or more of the following symptoms: -- A virtual server is created but no client SSL profile is applied. -- In the /var/log/ltm file, the system logs messages similar to the following example: err mcpd[6434]: 01b4002b:3: Client SSL profile (/Common/Example.app/Example_client-ssl): the profile has no RSA cert/key pair that can be modified. To add RSA cert/key, please use [cert-key-chain add]

Impact

The system fails to create and apply the client SSL profile to the virtual server.

Conditions

This issue occurs when the following conditions are met: -- Attempting to reconfigure an iApp. -- The iApp contains a client SSL profile.

Workaround

To work around this issue, you can temporarily disable SSL in the iApp, and then enable it again. Impact of workaround: Reconfiguring your iApp reconfigures all BIG-IP objects associated with the iApp. This might cause service disruptions to the application the iApp has been deployed for. 1. Navigate to the impacted iApp in GUI: iApps :: Application Services : Applications :: Example. 2. Find the setting associated with the client SSL profile, often titled "How should the BIG-IP system handle SSL traffic?" 3. Change the associated setting to one that does not imply the use of SSL, for example: "Plain text to and from both clients and servers." 4. Press the Reconfigure button. 5. Return to the same question and change the field back to its original setting. 6. Press the Reconfigure button once more.

Fix Information

Reconfiguring an iApp that uses a client SSL profile now succeeds as expected.

Behavior Change