Forum Discussion
F5 BIGIP Device Certificate
Hi,
I have two F5 BIGIP ver 11.4.0 (APM Module only) configured as High Availability using Device Service Clustering. I have replaced the default device certificates from both devices using our own external CA server signed certs from GUI admin.
1) Uploaded the Device Certificates to both F5 using GUI. System > Device Certificates > Device Certificates.
2) Uploaded the other F5 Device Cert and ROOT CA as Trusted Device Certs. System > Device Certificates > Trusted Device Certificates.
During testing, Configsync and HA Failover are working fine. However, after I enable the SSL debug logging level, I am seeing a certificate error such as the one below.
" Feb 6 debug tmm[10015]: 01260006:7: Peer cert verify error: certificate not trusted (depth 0; cert /CN=) "
I tried to search for this type of error on the internet and DevCentral, but to no avail. I understand that it has something to do with CA trust settings. I would like to determine the exact cause of this error and how to get rid of it.
Based on this KB link, http://support.f5.com/kb/en-us/solutions/public/8000/100/sol8187.html, the device certificate is used only by the Configuration utility for HTTPS communication as well as by the following device-to-device communication processes:
• configsync
• big3d
• gtmd
• iqdump
Thanks in advance for your help.
4 Replies
- jkari_144214
Nimbostratus
Hi,
I have the same problem. I installed the cert a couple of days ago and now I'm trying to get my first https service up, but it fails. From SSL logging I found this message:
Peer cert verify error: certificate not trusted (depth 0; cert /CN=my backup f5)
I have tested the service from the servers and it works. Any help appreciated.
- jkari_144214
Nimbostratus
Hi,
Well, I managed to get my https working; it was only a configuration problem. Nothing to do with these notifications. But let's get back to the point: Peer cert verify error: certificate not trusted (depth 0; cert /CN=my backup f5). Where does that come from?
- Niilas_138664
Nimbostratus
Hi, Any updates on this? I am running into the same issue "Peer cert verify error" on all LTMs deployed in sync-failover cluster. These are all VEs. The issue seems to come and go and this makes the virtual servers "flap" so they might time-out or work depending on the moment. Resetting device trust and rebuilding the sync fixes the issue for a while, but it always comes back. I currently have a ticket open for this also.
- Mike_126673
Nimbostratus
Niilas, did you get a resolution on your ticket? I'm seeing the same messages with SSL debug on. I'm also using virtuals with sync-failover configured.