Publishing a website with SSL using an internal certificate

Hi all

 

Im using F5 BIGIP v13 as reverse proxy to publish some websites. When publishing using SSL with a 3rd party certificate it works. But now im trying to publish an internal site with a certificate signed with my local CA, and no way to make it work.

 

I have created two VS. One for HTTP and another for HTTPS. Publishing the site as HTTP works: client --http--> F5 --http--> server

 

Publishing the same site as HTTPS, does not work: client --https--> F5 --https--> server

 

The server responds correctly to both HTTP and HTTPS.

 

The certificate with the full chain (the internal CA root cert) is imported. The VS is configured with a client ssl profile with the certficate, key and chain. The VS is configured with the default serverssl profile.

 

Firefox shows an error: "The page you are trying to view cannot be shown because the authenticity of the received data could not be verified."

 

openssl command seems to return no errors:

 

openssl s_client -connect 192.168.206.70:443 -cert /config/filestore/files_d/LAN_d/certificate_d/:LAN:WILDCARD_mydomain.lan.crt_160529_1 -key /config/filestore/files_d/LAN_d/certificate_key_d/:LAN:WILDCARD_mydomain.lan.key_160527_1

 

CONNECTED(00000003)depth=1 DC = lan, DC = mydomain, CN = myou verify error:num=19:self signed certificate in certificate chainverify return:0...No client certificate CA names sent...Verify return code: 19 (self signed certificate in certificate chain)

 

Am I doing something wrong? What would be the correct way to configure this?

 

Thanks!