Forum Discussion

Nimbostratus

Dec 01, 2009

auth_result not called for some client certificates

Hi everyone, I am trying to resolve an issue with an irule that is utilized to ask for client certificates for certain folders. The irule works great except for certain client certific...

Cirrostratus

Dec 03, 2009

Hi Mike,

Great, that helps. The "unable to get local issuer certificate" error indicates that the client cert can't be chained back to any cert in the trusted CA cert bundle configured on the client SSL profile.

If you take a look at the failing cert's issuer details, does it match the working client certs? You can use openssl from the LTM command line to test the cert:

openssl verify

http://www.openssl.org/docs/apps/verify.html

Here is another method for checking client certs:

http://www.cyberciti.biz/faq/test-ssl-certificates-diagnosis-ssl-certificate/

Aaron

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

auth_result not called for some client certificates

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

F5 Academies Are Back – And We’re Coming to a City Near You

Recent Discussions

Horizon View iApp - Big-IP 17.5

r4600 Tenant CPU Assignment

master key file on vcmp guest HA Cluster different?

F5 Health Monitor Receive String as JSON

Rewrite content in XML schema file.

Related Content

Automating ACMEv2 Certificate Management on BIG-IP

AppWorld 2024 Call For Speakers open

Help F5 Transform the BIG-IP Administrator Certification

Automate Let's Encrypt Certificates on BIG-IP

Re: Management Certificate

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS