SSL certificate issues with Lync 2013

Question

I'm trying to verify the certificate with Lync 2013 but I keep getting error messages when I attempt to verify. &nbsp;
openssl verify -purpose sslclient -CAfile /config/filestore/files_d/Common_d/certificate_d/:Common:clyncweb.crt_41052_1 /config/filestore/files_d/Common_d/certificate_d/:Common:clyncwebCA.crt_41060_1&nbsp;
/config/filestore/files_d/Common_d/certificate_d/:Common:clyncwebCA.crt_41060_1: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
error 18 at 0 depth lookup:self signed certificate
OK&nbsp;
Currently I'm running on 11.4.1HF3. Any advice on where to go next with my troubleshooting?&nbsp;

kevin_k_51432 · Answer

Greeting Zuke,
I put the client cert first and got the same error. Swapping client and CA certs in the parse order seems to have fixed this:
  openssl verify -purpose sslclient -CAfile auser.crt client_auth-ca.crt
client_auth-ca.crt: C = CA, ST = CA, L = CA, O = CA, OU = CA, CN = ca.com
error 18 at 0 depth lookup:self signed certificate
OK

openssl verify -purpose sslclient -CAfile client_auth-ca.crt auser.crt
auser.crt: OK

Hope that helps,
Kevin

Forum Discussion

SSL certificate issues with Lync 2013

1 Reply

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

F5 Software Downgrade from version 17.x.x to 15.x.x

Error diskmonitor

CPU utilization of F5OS on r2600

sslprovide (--f5 ssl) does not generate CLIENT/SERVER_TRAFFIC_SECRET on server-side TLS traffic

Hardware replacement i2800 to r2600

Related Content

Automating Certificate Management on F5 BIG-IP

Certificate Automation for BIG-IP using CyberArk Certificate Manager, Self-Hosted

Automating ACMEv2 Certificate Management on BIG-IP

Automate Let's Encrypt Certificates on BIG-IP

Building an OpenSSL Certificate Authority - Creating Your Root Certificate

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS