Forum Discussion
Hi,
Did you see this kb:
https://support.f5.com/csp/article/K66643540
This message occurs when one of the following conditions is met:
- You have a BIG-IP system in a high availability (HA) configuration that is unable to verify a remote BIG-IP system's device trust SSL certificate.
- You have configured a Client SSL profile to require client certificate authentication and the BIG-IP system is unable to verify the client's SSL certificate.
SSL certificate verification may fail for a variety of reasons. Two popular reasons include:
- The received SSL certificate has not been signed by a recognized CA.
- The received SSL certificate validity period has expired.
My question is: did you perform client auth (cert)?
Regards
- Tabber (Altostratus), Sep 18, 2019
youssef,
I did use that kb but forgot to mention in my original post.
We are not performing client auth, but on server SSL we are validating server SSL certificates against our Trusted CA list. The F5 is operating properly in dropping these certificates, so that is not my problem. I'm trying to figure out what Server is responding with the bad certificate so I can back trace through either F5 logs or my Firewall logs to determine the clients that are reaching out to these misconfigured Servers.
Thank you for your advice.