Forum Discussion

Cirrus

Jul 12, 2021

C3D, Client Certificate passing issue

For application new requirement, we need to pass the client certificate to backend server. We enabled the C3D option on the client and server SSL profile. I created the CA certificate and key (...

MVP

Jul 12, 2021

Hi Kannan,

your config looks right. From my memory there are two things that could possibly be wrong.

First: The CA key/certificate you are using for C3D is not capable to create new certificates (must be type: Issuing CA Certificate).

Second: the application / web server does not trust certificates issued by this Issuing CA. Did you import this certificate on the application / web server as a trusted CA?

You can do a tcpdump between the F5 and the application / web server and you will see the TLS handshake, from the handshake / tcpdump you can export the certificates that the F5 sends to the backend and check if they are issued properly.

Daniel

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

C3D, Client Certificate passing issue

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

How can I get started with iCall

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Related Content

Request Client Certificate And Pass To Application

Automating Certificate Management on F5 BIG-IP

Automating ACMEv2 Certificate Management on BIG-IP

SSL Client Certification Alert 46 Unknown CA

BIG-IQ Client Certificate (PKI) Authentication

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS