Hi here is the output of the openssl. Can establish SSl handshake please help.

Actually story starts as client asked for .CSR file. i created a .CSR file and provided it to client. they gave us a certificate in .crt format. Which i uploaded in that file which already had the private key and no certificate in F5. Then i uploaded the whole chain in Trusted certificate authorities and also in browser and this was the error which i posted in question.

Yes client side SSL profile is set to require. and CA bundle is uploaded in Trusted certificate Authorities

curl output. [root@www:Active:Changes Pending] config curl -iv https://10.50.171.5:7777/ * About to connect() to 10.50.171.5 port 7777 (0) * Trying 10.50.171.5... connected * Connected to 10.50.171.5 (10.50.171.5) port 7777 (0) * successfully set certificate verify locations: * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS handshake, Server hello (2): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS alert, Server hello (2): * SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed * Closing connection 0 curl: (60) SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed More details here: http://curl.haxx.se/docs/sslcerts.html curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option.