Bug ID 756270: SSL profile: CRL signature verification does not check for multiple certificates with the same name as the issuer in the trusted CA bundle

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
12.1.0, 12.1.1, 12.1.2, 12.1.3,,,,,,,, 12.1.4,, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0,,,,,,,,, 13.1.1,,,, 14.0.0,,,,,, 14.0.1,, 14.1.0,,,,

Fixed In:
15.0.0,,, 12.1.5, 11.6.4, 11.5.9

Opened: Jan 22, 2019

Severity: 3-Major


If there are multiple certificates in the trusted CA bundle with the same common name, CRL signature verification checks only one of them while looking for CRL issuer.


Handshake failure.


Multiple certificates with the same subject name as the CRL issuer in the trusted CA bundle used for authentication in SSL profiles.



Fix Information

This has been fixed to check for the issuer among all certificates that have the same subject name as the CRL issuer.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips