boneyard_11131
Jun 22, 2015Nimbostratus
Server SSL profile Server Authentication settings don't work?
im trying to configure the server ssl profile to accept certificates which it normally wouldn't to be able to provide better feedback to the users why the connection would fail. im aware of the risk.
for this i set the Server Certificate on require and the Expire Certificate Response Control and Untrusted Certificate Response Control both on ignore.
still the connection fails with these messages:
Jun 22 13:09:04 bigip-01 debug tmm1[17068]: 01260006:7: Peer cert verify error: unable to verify the first certificate (depth 0; cert /edit)
Jun 22 13:09:04 bigip-01 debug tmm1[17068]: 01260009:7: Connection error: ssl_shim_vfycerterr:4084: unable to verify the first certificate (48)
i can also set Server Certificate to ignore and then all server certificates are accepted, only then i can't use [SSL::verify_result] to determine the status, it is always 0 (OK).
anyone tried this and got some more insights on how to make it work.