Last Modified: Oct 06, 2020
See more info
Known Affected Versions:
14.1.0, 18.104.22.168, 22.214.171.124
Opened: Jan 03, 2019
As a result of this issue, you may encounter one or more of the following symptoms: -- A virtual server is created but no client SSL profile is applied. -- In the /var/log/ltm file, the system logs messages similar to the following example: err mcpd: 01b4002b:3: Client SSL profile (/Common/Example.app/Example_client-ssl): the profile has no RSA cert/key pair that can be modified. To add RSA cert/key, please use [cert-key-chain add]
The system fails to create and apply the client SSL profile to the virtual server.
This issue occurs when the following conditions are met: -- Attempting to reconfigure an iApp. -- The iApp contains a client SSL profile.
To work around this issue, you can temporarily disable SSL in the iApp, and then enable it again. Impact of workaround: Reconfiguring your iApp reconfigures all BIG-IP objects associated with the iApp. This might cause service disruptions to the application the iApp has been deployed for. 1. Navigate to the impacted iApp in GUI: iApps :: Application Services : Applications :: Example. 2. Find the setting associated with the client SSL profile, often titled "How should the BIG-IP system handle SSL traffic?" 3. Change the associated setting to one that does not imply the use of SSL, for example: "Plain text to and from both clients and servers." 4. Press the Reconfigure button. 5. Return to the same question and change the field back to its original setting. 6. Press the Reconfigure button once more.
Reconfiguring an iApp that uses a client SSL profile now succeeds as expected. This issue is resolved in the following release candidates: f5.microsoft_exchange_2016.v1.0.3rc5.tmpl f5.microsoft_exchange_2016.v1.0.3rc6.tmpl Issues resolved: - Corrected an issue that caused TCL iApps using client-ssl profiles to break when the iApp was reconfigured. This issue only affected iApps running on BIG-IP 14.1.