Guest

Preview Tool

Cisco Bug: CSCua99477 - Incorrect Session-Verify-Result printed as "ok" for expired Client Cert

Last Modified

Jan 24, 2017

Products (1)

  • Cisco ACE 4700 Series Application Control Engine Appliances

Known Affected Releases

3.0(0)A4(2.3) 3.0(0)A5(1.2)

Description (partial)

Symptom:

Configured action-list adds incorrect value in HTTP header, when SSL termination is configured on ACE and client connects with an expired certificate.   HTTP verify-result header on server shows status is as "OK" instead of certificate is expired.  The issue is only noticed when CRL check is configured on ACE.

Conditions:

CRL check should be configured and Client should connect with expired certificate.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.