For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Mchelle_181998's avatar
Mchelle_181998
Icon for Cirrus rankCirrus
Nov 30, 2018

Error when installing CA to bundle

I have a signer CA, that I would like to add to F5. So that when we use self sign cert on F5 you will not get the message of this is not a trusted sight. This signer CA has been added to all of our ...
BIG-IP
security
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Dec 07, 2018

This is just semantics, but a self-signed cert is not issued. It signs itself.

In any case,

  • Is the CA certificate in PEM or DER format? If you can open it with a text editor and it contains the string "----- BEGIN CERTIFICATE -----", then it's PEM.
  • Is there anything else in the CA certificate besides what's between BEGIN and END CERTIFICATE? Sometimes there's additional comments in the text file.

  • If you can access a system with OpenSSL installed (like the BIG-IP) you can issue the following command:

    openssl x509 -text -in [cert.crt]

    If you get back readable certificate information, and no errors, then the certificate is in good shape.