For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

shifterracer_16's avatar
shifterracer_16
Icon for Nimbostratus rankNimbostratus
Feb 19, 2015

Network Solutions EV SSL Not Trusted

Hey Guys, Ok I'm past frustrated with trying to find the correct combo to get a NS EV SSL cert to work correctly on my LTM (10.2.4). I have one client that uses NS and renewed their NS cert, but thi...
application delivery
deployment
LTM
security
shifterracer_16's avatar
shifterracer_16
Icon for Nimbostratus rankNimbostratus
Feb 20, 2015

yeah i tried that combo Shaggy...no luck.

 

I also tried the NetSolEV-Post.p7b, but i couldn't install it because it's a p7b cert and it needs to be converted. F5 Import Cert error:

 

Import Failed: OpenSSL error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag

 

So to convert it i ran the following command to try to convert it.

 

openssl pkcs7 -in NetSolEV-Post.p7b -text -out NetSolEVBundle.pem -print_certs

 

 

It then kicks back the following error.

 

unable to load PKCS7 object 22196:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:647:Expecting: PKCS7

 

 

I could be wrong, but this usually means the header and footer are not correct. i tried to open it in notepad to fix that, but i get text that's encoded that i'm not able to understand.

 

 

So next i just looked at the NetSolEV-Post.p7b cert and i see it's made up of the NetworkSolutions Certificate Authority and Network Solutions EV Server CA cert, which i believe are the ones from the original zip file Network Solutions sent me. So i combined those and installed them into the F5 without a problem. I then tried it in the Profile -> Chain as well as in the Trusted Certificate field. Digicert still returns chain not trusted.