Client authentication through SSL certificate.

Muhammad_Irfan1
Cirrus
Nov 12, 2014
ahaa, is this the reason i am getting this error in open SSL? OpenSSL> s_client -connect 10.50.171.5:7777 -CAfile "F:\irfan-cert\CARoot.cer" Loading 'screen' into random state - done CONNECTED(000000B4) depth=3 CN = Mobilink-PKI-Root verify return:1 depth=2 CN = Mobilink-PKI-SubCA verify return:1 depth=1 DC = pk, DC = net, DC = mobilink, CN = Mobilink-PKI-ISS1 verify return:1 depth=0 C = PK, ST = punjab, L = lahore, O = mobilink, OU = FRF, CN = 10.50.171. 5, emailAddress = abbas.malik@mobilink.net verify return:1 7084:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s 3_pkt.c:1256:SSL alert number 40 7084:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177 : --- Certificate chain 0 s:/C=PK/ST=punjab/L=lahore/O=mobilink/OU=FRF/CN=10.50.171.5/emailAddress=abba s.malik@mobilink.net i:/DC=pk/DC=net/DC=mobilink/CN=Mobilink-PKI-ISS1 1 s:/DC=pk/DC=net/DC=mobilink/CN=Mobilink-PKI-ISS1 i:/CN=Mobilink-PKI-SubCA 2 s:/CN=Mobilink-PKI-SubCA i:/CN=Mobilink-PKI-Root 3 s:/CN=Mobilink-PKI-Root i:/CN=Mobilink-PKI-Root --- Server certificate -----BEGIN CERTIFICATE----- MIIF0TCCBTqgAwIBAgIKLNi+LAABABv8OzANBgkqhkiG9w0BAQUFADBfMRIwEAYK CZImiZPyLGQBGRYCcGsxEzARBgoJkiaJk/IsZAEZFgNuZXQxGDAWBgoJkiaJk/Is ZAEZFghtb2JpbGluazEaMBgGA1UEAxMRTW9iaWxpbmstUEtJLUlTUzEwHhcNMTQx MTA1MTE1MjAzWhcNMTUwMzI1MDY0MzQ1WjCBjzELMAkGA1UEBhMCUEsxDzANBgNV BAgTBnB1bmphYjEPMA0GA1UEBxMGbGFob3JlMREwDwYDVQQKEwhtb2JpbGluazEM MAoGA1UECxMDRlJGMRQwEgYDVQQDEwsxMC41MC4xNzEuNTEnMCUGCSqGSIb3DQEJ ARYYYWJiYXMubWFsaWtAbW9iaWxpbmsubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GN ADCBiQKBgQCmsoRDy/xBlj0cN1X/V7On63Nr8+SoH58Vnx6Fszv4BvWafjVbmo4S P35SNKN/azzHf5WnvFvsk/u2Rl1942qKR6UEY4utbPwo9GhM4LX3FX4z1ufLJiWk xJOaux1t9iNqQTwVFhVhrommr4Qt3oWLIdnEzr+CUK5WUezD7E0lNQIDAQABo4ID YTCCA10wHQYDVR0OBBYEFBEr2m+i79e6Qyrxrp7qXT6c2Dm8MB8GA1UdIwQYMBaA FAzu6jXBTbHN96A6WMH6x+4k2DBuMIIBWgYDVR0fBIIBUTCCAU0wggFJoIIBRaCC AUGGgcRsZGFwOi8vL0NOPU1vYmlsaW5rLVBLSS1JU1MxLENOPU1PQklMTkstSVNT MSxDTj1DRFAsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049U2VydmljZXMs Q049Q29uZmlndXJhdGlvbixEQz1tb2JpbGluayxEQz1uZXQsREM9cGs/Y2VydGlm aWNhdGVSZXZvY2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1 dGlvblBvaW50hkRodHRwOi8vbW9iaWxuay1pc3MxLm1vYmlsaW5rLm5ldC5way9D ZXJ0RW5yb2xsL01vYmlsaW5rLVBLSS1JU1MxLmNybIYyaHR0cDovL2NlcnQubW9i aWxpbmsubmV0L1BraS9Nb2JpbGluay1QS0ktSVNTMS5jcmwwggE+BggrBgEFBQcB AQSCATAwggEsMIG3BggrBgEFBQcwAoaBqmxkYXA6Ly8vQ049TW9iaWxpbmstUEtJ LUlTUzEsQ049QUlBLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNlcnZp Y2VzLENOPUNvbmZpZ3VyYXRpb24sREM9bW9iaWxpbmssREM9bmV0LERDPXBrP2NB Q2VydGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9y aXR5MHAGCCsGAQUFBzAChmRodHRwOi8vbW9iaWxuay1pc3MxLm1vYmlsaW5rLm5l dC5way9DZXJ0RW5yb2xsL01PQklMTkstSVNTMS5tb2JpbGluay5uZXQucGtfTW9i aWxpbmstUEtJLUlTUzEoMSkuY3J0MAsGA1UdDwQEAwIFoDA8BgkrBgEEAYI3FQcE LzAtBiUrBgEEAYI3FQiDstUxz68uhZWBLYKT9VSG65EGAIWgvAqEwb1PAgFlAgEE MBMGA1UdJQQMMAoGCCsGAQUFBwMBMBsGCSsGAQQBgjcVCgQOMAwwCgYIKwYBBQUH AwEwDQYJKoZIhvcNAQEFBQADgYEA4SoS7d+2saQmx3n2/d+eoBJDzagrYQYGJFle QH4vykZTmT4TIayMEJOqYq5fIUcZ6UlMYIDW5Uyiwa0iObXTi+1FA1ZB1extnPfl CAv4Rqs0V2HA5vzmS3Ge8aJ0KjJXXlZOZCHpAG3pJsdVZLtWbCu/8pRAOd8iGRgh PdNNXJg= -----END CERTIFICATE----- subject=/C=PK/ST=punjab/L=lahore/O=mobilink/OU=FRF/CN=10.50.171.5/emailAddress=a bbas.malik@mobilink.net issuer=/DC=pk/DC=net/DC=mobilink/CN=Mobilink-PKI-ISS1 --- Acceptable client certificate CA names /DC=pk/DC=net/DC=mobilink/CN=Mobilink-PKI-ISS1 /CN=Mobilink-PKI-SubCA /CN=Mobilink-PKI-Root --- SSL handshake has read 6337 bytes and written 198 bytes --- New, TLSv1/SSLv3, Cipher is RC4-SHA Server public key is 1024 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1.2 Cipher : RC4-SHA Session-ID: 16FA60494CC614EA972C45C5784E64ECAB0E0296F931240BC0F30F65B34E2918 Session-ID-ctx: Master-Key: 519B4A6034B66FDC409514D6659ACFEECEC60E8B295D7E0FF7D96B3C74889071 594D5530DF2C9E6823BD0838687761EE Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None Start Time: 1415789671 Timeout : 300 (sec) Verify return code: 0 (ok) --- error in s_client OpenSSL> Thank You sir, you gave me hope again. I am near to go in production. I got some problem again in this please reply on this thread i will be very very grateful. I will tell you once i put pfx file in browser.

Forum Discussion

Client authentication through SSL certificate.

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

GRPC through F5 Virtual Server [RST_STREAM with error code: INTERNAL_ERROR]

[ASM] - How to disable the SQL injection attack signatures

[ASM] : SQL-INJ "end-quote UNION" - How to allow this signature to specific url/uri/parameter only

Changes to DO and AS3 GitHub - no longer monitored

[ASM] : "Request length exceeds defined buffer size " - How to increase the limit ?

Related Content

Automating Certificate Management on F5 BIG-IP

APM Clientless certificate authentication

BIG-IQ Client Certificate (PKI) Authentication

Certificate Automation for BIG-IP using CyberArk Certificate Manager, Self-Hosted

Automating ACMEv2 Certificate Management on BIG-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS