Getting Verify return code: 21 (unable to verify the first certificate) error message.
All,
I have uploaded the same SSL cert to two different LTMs. On one device it's working fine, but on the other device I am getting the Verify return code: 21 (unable to verify the first certificate) error message.
I created the CSR from one device and then got the cert from the CA for that CSR. Then I uploaded the same SSL cert to two different LTMs. Do I need to raise a CSR from both devices and then upload a cert to each device?
PS: The common name is same for both the LTMs.
- jaikumar_f5
Noctilucent
Can you list your setup from both LTMs?
tmsh list ltm profile client-ssl
The error is more likely to occur because you may have missed including the intermediate certificate.
- Suresh_Jo_32729
Nimbostratus
I used the same cert in my other device which I imported to the first device.
- jaikumar_f5
Noctilucent
You can mask your confidential objects and share the output with us. This is to compare the clientssl settings on both LTMs.
- Andy_304337
Cirrus
Suresh Jo: are you creating a device SSL cert or an SSL cert for an SSL profile?
- youssef1
Cumulonimbus
Hello,
Can you confirm that you imported the chain (intermediate) too?
In your client SSL profile you have to set your intermediate and check that you have the same settings as the other profile on the working device.
Regards,
- Suresh_Jo_32729
Nimbostratus
I am creating an SSL cert for an SSL profile.
I have imported the intermediate chain too. What I did: in the SSL cert tab I copied the contents of both certs (SSL and intermediate). After that I got verify code 20 instead of 21.
- youssef1
Cumulonimbus
Hello,
Can you please confirm that you copied the SSL cert first, then the chain below it?
Regards,
- Suresh_Jo_32729
Nimbostratus
Yes, I edited both certs in Notepad++ and then pasted the contents of the SSL cert followed by the intermediate cert.
- youssef1
Cumulonimbus
Hello Suresh,
I suspect a problem with your intermediates or the way you paste them. Do it step by step.
First, leave just your certificate, without the chain (intermediate), in your cert profile. Then check in your SSL certificate list that you can see the correct common name. Like that, it should already work, with an SSL error.
Then add the intermediate as a dedicated SSL certificate (you do not have to use the one of the certificate) and add it to the SSL client profile...
Give me feedback...
Regards.
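
The step-by-step check suggested above can be reproduced off-box with `openssl`; the script below is an added example, not part of the thread, and it uses a constructed throwaway PKI in which every name and file path (Lab Root, Lab Intermediate, www.example.test, bundle.pem) is hypothetical. It shows the leaf failing verification when only the root is trusted and the intermediate is missing, passing once the intermediate is supplied, and how to confirm which certificate comes first in a pasted bundle.

```shell
#!/usr/bin/env bash
# Added example: constructed throwaway PKI (root -> intermediate -> leaf).
# All names (Lab Root, www.example.test, file names) are hypothetical.
set -eu
LAB=$(mktemp -d)
trap 'rm -rf "$LAB"' EXIT

# new_csr NAME CN: fresh RSA key plus CSR.
new_csr() {
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
    -subj "/CN=$2" 2>/dev/null
}

build_lab_pki() (
  cd "$LAB"
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > ca.ext
  new_csr root "Lab Root"
  openssl x509 -req -in root.csr -signkey root.key -extfile ca.ext \
    -days 2 -out root.pem 2>/dev/null
  new_csr int "Lab Intermediate"
  openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -CAcreateserial \
    -extfile ca.ext -days 2 -out int.pem 2>/dev/null
  new_csr leaf "www.example.test"
  openssl x509 -req -in leaf.csr -CA int.pem -CAkey int.key -CAcreateserial \
    -days 2 -out leaf.pem 2>/dev/null
  cat leaf.pem int.pem > bundle.pem   # leaf first, then the chain below it
)

# verify_leaf [INTERMEDIATES]: trust only the root; optionally hand the
# verifier the intermediate(s), as a server does when it sends its chain.
verify_leaf() {
  if [ "$#" -gt 0 ]; then
    openssl verify -CAfile "$LAB/root.pem" -untrusted "$1" "$LAB/leaf.pem"
  else
    openssl verify -CAfile "$LAB/root.pem" "$LAB/leaf.pem"
  fi
}

# first_subject BUNDLE: subject of the first certificate in a pasted bundle.
first_subject() { openssl x509 -in "$1" -noout -subject; }

build_lab_pki
if verify_leaf >/dev/null 2>&1; then echo "leaf alone: verified"
else echo "leaf alone: FAILED (issuer not available)"; fi
if verify_leaf "$LAB/int.pem" >/dev/null 2>&1; then echo "leaf + intermediate: verified"
else echo "leaf + intermediate: FAILED"; fi
echo "first cert in bundle: $(first_subject "$LAB/bundle.pem")"
```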