Forum Discussion
Pawel_1533
Nimbostratus
NimbostratusClient certificate for https monitor
Hi,
I'm trying to set up a virtual server for an https traffic with client certificate verification enabled.
SSL is NOT terminated on the load balancer.
Virtual server works fine, however I have an issue with setting up pool members monitor. I've created new monitor based on https profile but it doesn't work properly. Application running on balanced servers performs client side cert authentication and accept connections for known certs only. So I tried to specify client certificate in monitor setting (cert "") but I've got below errors in ltm logfile:
bigd: 01060111:3: Open SSL error - error:14094412:SSL routines:func(148):reason(1042).
I tried different file formats - p12, pem but an error is still the same.
The certificate I use is correct and works fine when I try direct connection from LB to the server with openssl however here I use pem files for both the cert and the key:
openssl s_client -host 10.1.1.1 -port 443 -cert ./usercert.pem -key ./userkey.pem
Anyone know what format should I use so f5 can read the cert and use it properly.
Best regards,
Pawel
2 Replies
hoolioCirrostratus
Hi Pawel,
The cert and key should be in PEM format. You can follow the steps in SOL7532 to configure the HTTPS monitor with a client cert:
SOL7532: Configuring the HTTPS health monitor to use a client certificate
https://support.f5.com/kb/en-us/solutions/public/7000/500/sol7532.html?sr=847164
Aaron
Pawel_1533Thanks - it works fine. I was very close with my guesses but I tried cert/key in a different order in the file.
Regards,
Pawel
