Forum Discussion
Stefan_Klotz_85
Cirrus
CirrusNeed help with SSL handshake failure and client certificates
Hi,
we are using a clientSSL-profile with client certificate set to require and also configured the trusted/allowed CA. When connecting to this VS with a valid client certificate we are ending up w...
Hi Ashwin,
thanks for your help, but we could solve the issue. It starts working after we configured the whole chain for the "Trusted Certificate Authorities"-option in the "Client Authentication"-section of the clientSSL-profile, where we initialy only configured the single issuer certificate from the client-certificate.
But what is still strange for us, as I already mentioned, in the other region it's still working with just the single issuer certificate (which I also thought that this is sufficient). Might this be related to some settings on the clientside? Not sure if it's important or relevant, but the client in our case is a CA API Gateway.
Thank you for some final hints!
Ciao Stefan :)
Stefan_Klotz
Cumulonimbus
CumulonimbusHi Ashwin,
thank you for the quick answer. The signature algorithm shouldn't be an issue as this is SHA1 with RSA. But which certificate in the SSL profile do you mean? The server certificate, the client certificate or the issuer certificate (from the client certificate)?
What I can provide in the meanwhile from the SSL debugging is this message:
ssl_hs_rxhello:7103: unsupported version (40)
Does this help or indicating in the correct direction?
Thank you!
Ciao Stefan 🙂