Bug ID 754541: Reconfiguring an iApp that uses a client SSL profile fails

Last Modified: Jul 12, 2023

Affected Product(s):
iApps All(all modules)

Known Affected Versions:

Fixed In:

Opened: Jan 03, 2019

Severity: 2-Critical


As a result of this issue, you may encounter one or more of the following symptoms: -- A virtual server is created but no client SSL profile is applied. -- In the /var/log/ltm file, the system logs messages similar to the following example: err mcpd[6434]: 01b4002b:3: Client SSL profile (/Common/Example.app/Example_client-ssl): the profile has no RSA cert/key pair that can be modified. To add RSA cert/key, please use [cert-key-chain add]


The system fails to create and apply the client SSL profile to the virtual server.


This issue occurs when the following conditions are met: -- Attempting to reconfigure an iApp. -- The iApp contains a client SSL profile.


To work around this issue, you can temporarily disable SSL in the iApp, and then enable it again. Impact of workaround: Reconfiguring your iApp reconfigures all BIG-IP objects associated with the iApp. This might cause service disruptions to the application the iApp has been deployed for. 1. Navigate to the impacted iApp in GUI: iApps :: Application Services : Applications :: Example. 2. Find the setting associated with the client SSL profile, often titled "How should the BIG-IP system handle SSL traffic?" 3. Change the associated setting to one that does not imply the use of SSL, for example: 'Plain text to and from both clients and servers.' 4. Press the Reconfigure button. 5. Return to the same question and change the field back to its original setting. 6. Press the Reconfigure button once more.

Fix Information

Reconfiguring an iApp that uses a client SSL profile now succeeds as expected. This issue is resolved in the following release candidates: f5.microsoft_exchange_2016.v1.0.3rc5.tmpl f5.microsoft_exchange_2016.v1.0.3rc6.tmpl f5.citrix_vdi.v2.4.6.tmpl f5.vmware_view.v1.5.6.tmpl You can download these iApp templates on the F5 Downloads site :: https://downloads.f5.com Issues resolved: - Corrected an issue that caused Tcl iApps using client SSL profiles to stop working when the iApp was reconfigured. - This issue affected iApps running on BIG-IP 14.1, citrix_vdi, and vmware_view.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips