Forum Discussion
Nimbostratuscertificate check fails ?
Hi out there
We have defined a new certificate infrastructure and are now testing it. It is a PKI with MS 2008R2 servers. When I try to logon to the F5 I get a error - session.ssl.cert.valid is 7 - and I can't find any reference on what "7" Means - can some help me?
Oct 24 12:06:34 hsp-gbh-f5 notice apd[10731]: 01490113:5: 95ecbb57: session.ssl.cert.end is Oct 19 12:23:29 2019 GMT Oct 24 12:06:34 hsp-gbh-f5 notice apd[10731]: 01490113:5: 95ecbb57: session.ssl.cert.exist is 1 Oct 24 12:06:34 hsp-gbh-f5 notice apd[10731]: 01490113:5: 95ecbb57: session.ssl.cert.issuer is CN=xxxxxx (removed) Oct 24 12:06:34 hsp-gbh-f5 notice apd[10731]: 01490113:5: 95ecbb57: session.ssl.cert.serial is xxxxx (removed) Oct 24 12:06:34 hsp-gbh-f5 notice apd[10731]: 01490113:5: 95ecbb57: session.ssl.cert.start is Oct 20 12:23:29 2014 GMT
best regards /ti
4 Replies
kunjan7 X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure the signature of the certificate is invalid.- tiwang
hi again OK - the RSASSA-PSS signature-algorhytm isn't supported under 11.3 yet - does this also mean that f.ex the Root CA with chain - which has issued the server certificate - isn't valid even though it is imported without errors? I am not sure where in the certificate validation process these "objects" are used.
- kunjan
Isn't that failure is for client cert validation? So import time no validation of that, rite
openssl verify -purpose sslclient -CAfile CA.crt client.crt
- kunjan
Isn't that failure is for client cert validation? So import time no validation of that, rite
openssl verify -purpose sslclient -CAfile CA.crt client.crt
