For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

rfernandez_1884's avatar
rfernandez_1884
Icon for Nimbostratus rankNimbostratus
Feb 02, 2016

I need to verify an ssl certificate chain with a certificate

I'm on LTM version 11.6 and I was using the following command. openssl verify -CAfile /directory of cert chain.crt /certificate path certificate.crt  
BIG-IP
LTM
security
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Feb 02, 2016

The CApath option requires that the certificates be named uniquely based on a hash of their name, with a .0 extension.

Example:    1285dfe1.0

If you have all of the CA certs in a folder by themselves, you can use the following to rename them all:

for c in $(ll |awk -F" " '{ print $9 }'); do mv $c `openssl x509 -hash -noout -in $c`.0; done

So then you should have a folder full of correctly named CA certs. Example:

11cb4926.0
3c3c7119.0
67cbed36.0
7ace50d5.0
8bfc458a.0
eeb8b5c6.0

And now your openssl verify -CApath command should work.