GTM-LTM Not Exchanging Cert

Question

I'm trying to connect a LTM, running 9.3.1, to a GTM, running 9.4.3. The GTM has a self-generated cert and the LTM has privately generated cert.  
&nbsp; I ran big3d_install and bigip_add on the GTM to update the big3d daemon on the LTM and get the LTM's cert. When I ran iqdump on the GTM to verify the exchange I get the error message: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:844 
&nbsp; Running iqdump on the LTM show the GTM cert. 
&nbsp; The F5 site kb has doc SOL6692 that seems to describe the problem but says the problem was fixed with ver 9.4.2. 
&nbsp;  
&nbsp; Any ideas as to what may be happening here?

deb_allen_18 · Answer

Reading CR67836, it looks like the fix mentioned simply added the Certificate Depth setting, but the default is still 0.  Apparently it needs to be set to a value between 1 and 9. A value of 2 was suggested as a possibly saner default, so I'd start with 2.  
&nbsp;  
&nbsp; I just updated the solution, should be re-published including that detail shortly. 
&nbsp;  
&nbsp; /deb 
&nbsp;  &nbsp;

wesweber_98132 · Answer

I'm searching for CR67836 on the F5 KB and the doc itself isn't coming up. Also, is the depth setting made at the CLI or the Config gui.

jrahm · Answer

It is set in the GUI under System-&gt;General Properties-&gt;General-&gt;Certificate Depth

Forum Discussion

GTM-LTM Not Exchanging Cert

Recent Discussions

How to Renew F5 Device Certificate

How to export a list of paired external service providers from APM?

BIG-IP Edge Endpoint Inspection Failure pre-VPN

BIG IP LTM - Multiple application on single VIP with multiple ports allowed.

Service discovery is not happening in AS3

Related Content

GTM and LTM iquery issues

add LTM to GTM

Integrating Hashicorp Vault with Cert Manager and F5 NGINX Ingress Controller

Exchange 2016

GTM Design | LTM+ ASM+GTM on same VM

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS