Forum Discussion
Kannan_Thalaia1
Cirrus
CirrusC3D, Client Certificate passing issue
For application new requirement, we need to pass the client certificate to backend server. We enabled the C3D option on the client and server SSL profile. I created the CA certificate and key (...
Kannan_Thalaia1Cirrus
CirrusHello Daniel,
Thanks for your update.
First: The CA key/certificate you are using for C3D is not capable to create new certificates (must be type: Issuing CA Certificate).
--> I am not sure how to create Issuing CA certificate. I created the CA certificate and key (https://support.f5.com/csp/article/K14499) and attached to Server SSL profile.
When I tried to capture the logs, the F5 is not sending any certificate to backend. Refer the attachment.
Second: the application / web server does not trust certificates issued by this Issuing CA.
Did you import this certificate on the application / web server as a trusted CA?
--> I provide the CA certificate (which created above) to the application owner to put in the trusted CA list.
But, if eel, first we need to fix the above issue ( F5 is not sending client certificate to backend)
Daniel_Wolf
MVP
MVPIn the Prerequisites section of K14065425 it is stated that:
- You must have a CA-Bundle used to validate incoming client certificates.
- You must have a Certificate and Key for Reverse Proxy.
- You must have a CA Certificate and Key that has the ability to create new certificates.
This CA Certificate and Key must be used in the Server SSL profile in the CA Certificate and CA Key fields. And the backend server must trust certificates issued by this CA.