For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Gabor_Torok_937's avatar
Gabor_Torok_937
Icon for Nimbostratus rankNimbostratus
Feb 21, 2006

Peer cert verificaiton error

Hi, Does anyone know where to look at to find out what is causing this error? Feb 20 18:50:04 tmm tmm[856]: 01260014:4: Peer cert verify error: unable to get local issuer certificate (depth 0; ...
application delivery
dev
devops
iRules
Gabor_Torok_937's avatar
Gabor_Torok_937
Icon for Nimbostratus rankNimbostratus
Feb 23, 2006
Sure. Here is my iRule:


when CLIENTSSL_HANDSHAKE
    {
    set my_serial_number [X509::serial_number [SSL::cert 0]]
    if { [matchclass $my_serial_number eq $::RMS_blacklist] }
        {
        log local0. [concat "BLACKLISTED serial: " $my_serial_number]
        reject
        }
    else
        {
        log local0. [concat "DEBUG - serial: " $my_serial_number]
        }
    }

And some additional info:

- RMS_blacklist is an external data group containing integers. It's meant to contain certificate serial numbers.

- This iRule is assigned to one of our virtual servers, which is enabled only on External traffic (if that counts).

How do I know which side our script is running on? I automatically assumed that it would be running on client-side, but now I'm uncertain.

Thanks for your help in advance,

Tote