pool member sending Alert (Level: Fatal, Description: Unknown Certificate [46]) for a new SSL Cert of a VS
I came across this https://mta.openssl.org/pipermail/openssl-users/2017-April/005683.html
> Secure Sockets Layer
> TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Certificate Unknown)
> Content Type: Alert (21)
> Version: TLS 1.2 (0x0303)
> Length: 2
> Alert Message
> Level: Fatal (2)
> Description: Certificate Unknown (46)
Client objects to the server chain. Either does not trust the MiTM root CA, or
is unhappy about its encoding (assuming tshark is not generating an FP warning).
And here is the tcpdump analysis that highlights our situation.
- Back-end sends Locally signed Cert to F5 Self IP. F5 likes it and we see Client Key Exchange.
- VS sends new 4096-bit key size client cert (signed by Entrust that signs current one as well) to back-end
- Back-end flags Alert Cert Unknown.
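
As an added example (not part of the original post or the quoted mailing-list reply), here is a small Python decoder for the plaintext alert record shown in the tshark output above. The sample bytes are constructed from the field values in that quote, and the function and table names are hypothetical.

```python
import struct

# Alert codes from RFC 5246 section 7.2 (certificate-related subset plus neighbours).
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {
    0: "close_notify", 40: "handshake_failure", 42: "bad_certificate",
    43: "unsupported_certificate", 44: "certificate_revoked",
    45: "certificate_expired", 46: "certificate_unknown",
    48: "unknown_ca", 49: "access_denied", 50: "decode_error",
}
TLS_VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
CONTENT_TYPE_ALERT = 21


def parse_alert_record(record: bytes) -> dict:
    """Decode one plaintext TLS alert record: 5-byte header + 2-byte alert."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    content_type, version, length = struct.unpack("!BHH", record[:5])
    if content_type != CONTENT_TYPE_ALERT:
        raise ValueError(f"not an alert record (content type {content_type})")
    body = record[5:5 + length]
    if len(body) != length:
        raise ValueError("truncated record body")
    if length != 2:
        # Alerts sent after ChangeCipherSpec are encrypted and longer than 2 bytes.
        raise ValueError("alert body is not 2 bytes; record is probably encrypted")
    level, description = body
    return {
        "version": TLS_VERSIONS.get(version, hex(version)),
        "level": ALERT_LEVELS.get(level, f"unknown({level})"),
        "description": ALERT_DESCRIPTIONS.get(description, f"unknown({description})"),
        "code": description,
    }


# Constructed sample: content type 21, version 0x0303, length 2, level 2, description 46.
SAMPLE_RECORD = bytes.fromhex("1503030002022e")

if __name__ == "__main__":
    print(parse_alert_record(SAMPLE_RECORD))
```

The alert only says that the sender rejected the peer's certificate; which side sent it has to be read from the source and destination addresses in the capture.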