Forum Discussion
Raj_57800
Nimbostratus
NimbostratusLocating the Issuer List in LTM
Hi Team,
I had a SSL cert installed in the LTM 9.3.1 which was provided by Verisign. How I have moved to a different vednor and I am not able to load the certficate.
The error message what I see is "Key Mistmatch".The new vendor from which I get the CER file is "COMODO".
How I can check in LTM that COMODO is a valid Issuer to load the certificate in the F5.
Need urgent help. Thanks
Raj
Raj_57800Is it the list what I See in the CA bundle can be considered as the valid Issuer ?
raj
hoolioCirrostratus
If it's critical to get a quick answer, I'd suggest you open a case with F5 Support.
It sounds like you're getting the key mismatch error from the GUI when trying to import either the cert or the key. This indicates that the actual key you're trying to import can't be validated against the cert you're trying to pair it with. It doesn't have anything to do with the issuer of the cert.
Do you have both the cert and the key in PEM format? Is there a passphrase on the SSL key? If so, for 9.3.x, I think you'll need to remove it.
A search of the forums for the string "key mismatch" returns this post with details on troubleshooting the issue further:
Certificate creation error
http://devcentral.f5.com/Default.aspx?tabid=53&forumid=32&tpage=1&view=topic&postid=21021
Aaron- Raj_57800Hi Aaron,
Thanks for your reply. The vendor provided me the certificate in PKCS7 format which is not supported in 9.3.x version.
I manually changed the cert to pem format and loaded the same and it worked good. Thanks for your suggestion.
Raj - hoolioYeah, v10.1 allows importing of PKCS certs/keys directly. But in prior versions you need to convert the cert/key to PEM before importing them
Glad you got it working.
Aaron