I need to verify an ssl certificate chain with a certificate

Question

I'm on LTM version 11.6 and I was using the following command.
openssl verify -CAfile /directory of cert chain.crt /certificate path certificate.crt&nbsp;

kevin_stewart · Answer

The CApath option requires that the certificates be named uniquely based on a hash of their name, with a .0 extension.
Example:    1285dfe1.0

If you have all of the CA certs in a folder by themselves, you can use the following to rename them all:
for c in $(ll |awk -F" " '{ print $9 }'); do mv $c `openssl x509 -hash -noout -in $c`.0; done

So then you should have a folder full of correctly named CA certs. Example:
11cb4926.0
3c3c7119.0
67cbed36.0
7ace50d5.0
8bfc458a.0
eeb8b5c6.0

And now your openssl verify -CApath command should work.

Forum Discussion

I need to verify an ssl certificate chain with a certificate

1 Reply

Recent Discussions

Errors with AS3 3.56.0 with F5 17.5.1.6

ssh: Common Criteria mode initialized

iRule for client certificate

Viprion congestion settings with MPLS

F5 VELOS Backplane Inter-Tenants Communication

Related Content

Automating Certificate Management on F5 BIG-IP

Certificate Automation for BIG-IP using CyberArk Certificate Manager, Self-Hosted

Automating ACMEv2 Certificate Management on BIG-IP

Building an OpenSSL Certificate Authority - Creating Your Root Certificate

Automate Let's Encrypt Certificates on BIG-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS