Bug ID 932461: Cert update on server SSL profile on HTTPS monitor: BIG-IP not using the updated certificate.

Last Modified: Feb 14, 2024

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
13.1.3,,,,,,, 13.1.4,, 13.1.5,, 14.0.0,,,,,, 14.0.1,, 14.1.0,,,,,, 14.1.2,,,,,,,,, 14.1.3,, 14.1.4,,,,,,, 14.1.5,,,,,, 15.0.0, 15.0.1,,,,,,,,,, 15.1.1, 15.1.2,, 15.1.3,, 15.1.4,, 15.1.5,, 15.1.6,, 15.1.7, 15.1.8,,, 15.1.9,, 15.1.10,,, 16.0.0,, 16.0.1,,, 16.1.0, 16.1.1, 16.1.2,,, 16.1.3,,,,,, 16.1.4,,

Opened: Jul 30, 2020

Severity: 3-Major


If you overwrite the certificate that is configured on the server SSL profile and used with the HTTPS monitor, the BIG-IP system still uses an old certificate. After you update the certificate, the stored certificate is incremented, but monitor logging indicates it is still using the old certificate.


The monitor still tries to use the old certificate, even after the update.


--Create a pool with an HTTPS pool member. --Create an HTTPS monitor with cert and key. --Assign the HTTPS monitor to the HTTPS pool. --Update the certificate via GUI or tmsh.


Use either of the following workarounds: -- Restart bigd: bigstart restart bigd -- Modify the server SSL profile cert key, set it to 'none', and switch back to the original cert key name. The bigd utility successfully loads the new certificate file.

Fix Information


Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips