Forum Discussion

Nimbostratus

Feb 27, 2019

Connection terminates/closes with Server SSL Profile --> Server Authentication --> Server Certificate parameter set to require

I have one F5 LTM and one server in its pool. Connection is encrypted end-to-end. Client to F5 is 443. And F5 LTM to server is 443. F5, subsequently, has Client SSL Profile and Server SSL Profile ena...

server authentication

server certificate

server ssl profile

Michael_Saleem

MVP

Feb 27, 2019

If you want the F5 to perform SSL server authentication, in the server-ssl profile you need to:

1) set peer-cert-mode to require

2) specify an authenticate-name (to match the common name/SAN name on the cert)

3) Specify the ca-file. This is the root CA cert corresponding to the cert installed on the server (so that the chain of trust can complete)

If you still experience issues try running an ssl dump on the F5 and post the results.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Connection terminates/closes with Server SSL Profile --> Server Authentication --> Server Certificate parameter set to require

Recent Discussions

Background Tasks

Which process is consuming higher CPU

SSL bridging without SSL proxy forward

Big-IP VE edition for MacBook M4 Chip

Client SSL Profile set to Require Client Certificate breaks RDP in APM

Related Content

APM Clientless certificate authentication

BIG-IQ Client Certificate (PKI) Authentication

Automating ACMEv2 Certificate Management on BIG-IP

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

Doing mTLS Authentication per URL

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS