Forum Discussion
Client SSL Profile - Advertised Certificate Authorities
As a disclaimer, I am not a fan of using the "Advertised Certificate Authorities" setting in the client profile.
The problem:
I have a virtual server whose client SSL profile has the "Advertised Certificate Authorities" enabled and it is using the same Cert Bundle that is set for "Trusted Certificate Authorities".
When a user connected, I see the client hello, then I see the server hello, but with a fatal error for handshake failure.
I disabled the "Advertised Certificate Authorities" and the users were able to establish ssl connections.
In the F5 documentation there is a warning about the size of the bundle assigned to the "Advertised Certificate Authorities" that if too large can cause the SSL negotiations to fail.
I enabled ssl debug and I caught this in the ltm lo
2 Replies
I am wondering if what I saw in the log is an indication that the "Advertised Certificate Authorities" is too large, which caused the SSL negotiation to fail.
- Injeyan_Kostas
That's an easy one to test. Just use a smaller bundle for testing.
If that works you probably hit this bug.
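To put a number on "too large" before swapping bundles, the size of the advertised CA list can be computed from the bundle itself. The following is an added example, not part of the thread and not F5 code: it sums the subject DNs of a PEM bundle the way a TLS 1.2 CertificateRequest encodes them and exposes the protocol ceiling from RFC 5246. The BIG-IP threshold is not stated in this thread, so none is assumed; all function names are hypothetical and the sample certificates are constructed, unsigned skeletons.

```python
import base64
import re

# RFC 5246 7.4.4: certificate_authorities<0..2^16-1>, each DN has a 2-byte length prefix.
TLS12_CA_LIST_MAX = 0xFFFF
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def subject_dn(cert_der):
    """Return the DER-encoded subject Name of an X.509 certificate."""
    _, pos, _ = read_tlv(cert_der, 0)      # Certificate
    _, pos, _ = read_tlv(cert_der, pos)    # tbsCertificate
    tag, _, end = read_tlv(cert_der, pos)
    if tag == 0xA0:                        # optional explicit [0] version
        pos = end
    for _field in range(4):                # serialNumber, signature, issuer, validity
        _, _, pos = read_tlv(cert_der, pos)
    _, _, end = read_tlv(cert_der, pos)    # subject
    return cert_der[pos:end]

def advertised_ca_size(pem_text):
    """Bytes the bundle's subject DNs occupy in a CertificateRequest CA list."""
    ders = [base64.b64decode(body) for body in PEM_RE.findall(pem_text)]
    return sum(2 + len(subject_dn(d)) for d in ders)

def tlv(tag, value):
    """DER-encode one element (used only to build the constructed sample)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + value

def constructed_cert_pem(cn):
    """CONSTRUCTED sample: unsigned certificate-shaped DER, not a real CA."""
    name = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn.encode()))))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30, b"")
              + name + tlv(0x30, b"") + name)
    body = base64.b64encode(tlv(0x30, tbs)).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"
```

Pass the text of the real bundle file to `advertised_ca_size()` and compare the result with `TLS12_CA_LIST_MAX` and with the size of the smaller test bundle.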