inherit-certkeychain false but parent profile is true

We created the profile from the CLI using

tmsh create ltm profile client-ssl clientssl-profile {defaults-from parent-profile key some-certificate.key cert some-certificate.crt }

in the parent profile has inherit-certkeychain true

how does the new clientssl-profile get inherit-certkeychain false ?????

Can you create profile via GUI and see if any issue..

we have tested in LAB. its working well

tmsh create ltm profile client-ssl clientssl-profile-name { cert test_cert.crt key test_cert.key chain testChainCert.crt }

OR

tmsh create ltm profile client-ssl my_clientssl_profile defaults-from clientssl cert-key-chain add { my_profile_certkey { cert my_profile_certkey.crt key my_profile_certkey.key } }

ltm profile client-ssl clientssl-profile { app-service none cert some-certificate.crt cert-key-chain { some-certificate { cert some-certificate.crt key some-certificate.key } } chain none defaults-from bac_std_pl2clientssl inherit-certkeychain false key some-certificate.key passphrase none }

From the GUI I tested creating a test profile and that worked fine

ltm profile client-ssl test { app-service none cert some-certificate.crt cert-key-chain { some-certificate { cert some-certificate.crt key some-certificate.key } } chain none defaults-from bac_std_pl2clientssl inherit-certkeychain true key some-certificate.key passphrase none }

BUT I TRIED DELETING / RE-CREATING the profile I need, but it still has:

inherit-certkeychain false

It's correct output...

Are you seeing this behavior in other LB also? It might be F5 bug 527742.

Please see the below link.

https://support.f5.com/csp/article/K15550890

https://support.f5.com/csp/article/K16589

FYI created profile on Active LTM .... both the Active and Standby have inherit-certkeychain false

There was an upgrade from 11.5.3 to 11.5.4 about a month ago (don't think that is root cause)