
rfernandez_1884
Feb 02, 2016

I need to verify an ssl certificate chain with a certificate

I'm on LTM version 11.6 and I was using the following command:

    openssl verify -CAfile /directory of cert chain.crt /certificate path certificate.crt

1 Reply

  • The CApath option requires that the certificates be named uniquely based on a hash of their name, with a .0 extension.

    Example:    1285dfe1.0
    

    If you have all of the CA certs in a folder by themselves, you can use the following to rename them all:

    # Run from inside the folder that holds only the CA certs.
    for c in *; do mv -- "$c" "$(openssl x509 -hash -noout -in "$c").0"; done
    

    So then you should have a folder full of correctly named CA certs. Example:

    11cb4926.0
    3c3c7119.0
    67cbed36.0
    7ace50d5.0
    8bfc458a.0
    eeb8b5c6.0
    

    And now your openssl verify -CApath command should work.
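
The following is an added example, not part of the original reply or any F5 tooling: it builds the hash-named `-CApath` directory by copying instead of renaming, skips files that are not certificates, and gives CAs that share a subject the suffixes `.0`, `.1`, and so on. The helper names, subjects and temporary paths are assumptions, and the certificates are constructed throwaway samples.

```bash
#!/usr/bin/env bash
# Added example; build_capath and make_constructed_ca are hypothetical helper names.

# build_capath SRC_DIR DEST_DIR
# Copy each PEM certificate in SRC_DIR to DEST_DIR/<subject-hash>.<n>, leaving SRC_DIR untouched.
build_capath() {
    local src="$1" dest="$2" f hash n
    mkdir -p "$dest" || return 1
    for f in "$src"/*; do
        [ -f "$f" ] || continue
        # Skip files openssl cannot parse as an X.509 certificate (keys, CSRs, notes).
        hash=$(openssl x509 -hash -noout -in "$f" 2>/dev/null) || continue
        [ -n "$hash" ] || continue
        # CAs with the same subject share a hash, so take the first free suffix: .0, .1, ...
        n=0
        while [ -e "$dest/$hash.$n" ]; do n=$((n + 1)); done
        cp -- "$f" "$dest/$hash.$n" || return 1
        printf '%s -> %s.%s\n' "${f##*/}" "$hash" "$n"
    done
}

# make_constructed_ca OUT_DIR NAME CN
# Write a throwaway self-signed certificate and key (constructed sample input).
make_constructed_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# demo: two constructed CAs sharing a subject plus one distinct CA, then a -CApath verify.
demo() {
    local work
    work=$(mktemp -d) || return 1
    mkdir "$work/src"
    make_constructed_ca "$work/src" a "Constructed Example CA" || return 1
    make_constructed_ca "$work/src" b "Constructed Example CA" || return 1
    make_constructed_ca "$work/src" c "Constructed Other CA" || return 1
    build_capath "$work/src" "$work/capath"
    openssl verify -CApath "$work/capath" "$work/src/c.crt"
    rm -rf "$work"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

On systems with OpenSSL 1.1.0 or later, `openssl rehash <dir>` creates the same names as symlinks inside the directory.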