Forum Discussion
Muhammad_Irfan1
Cirrus
CirrusServer and client certificate CN should match or not in client authentication
During client authentication set to require.
F5 certificate CN and Client certificate CN should match?
I uploaded CA bundle through GUI but that is not shown in
/config/file...
F5 certificate CN and Client certificate CN should match?
no, cn should not be the same because they authenticate different things (one authenticates server but the other one authenticates client).
I uploaded CA bundle through GUI but that is not shown in /config/filestore/files_d/Common_d/certificate_d
i understand it is correct. trust_certificate_d is for device trust.
nitass_89166
Noctilucent
Noctilucenti do not know what the full name of CHecking.crt in filestore is and what and where the client certificate file is. anyway, this is an example.
openssl verify -verbose -CAfile /config/filestore/files_d/Common_d/certificate_d/\:Common\:chain.crt_39032_1 /var/tmp/client2.crt
nitass_89166Noctilucent
Noctilucent>I have uploaded CA bundle but when looking into that certificate_d folder they are converted into 3 certificates of CA which bundle contained.
can you try to concat (cat) 2 intermediate and 1 root certificates to 1 file and set it in ssl profile?
sol13302: Configuring the BIG-IP system to use an SSL chain certificate (11.x)
https://support.f5.com/kb/en-us/solutions/public/13000/300/sol13302.html
