For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Priceless_20483's avatar
Priceless_20483
Icon for Nimbostratus rankNimbostratus
Mar 15, 2016

SSL Profiles Client Authentication - Trusted Certificate Authorities

Hi,

 

I'm trying to configure client authentication with an SSL Client Profile and i'm running into a problem. The requirement for is to set Client Certificate to "require" but when I do I get the following errors after setting the SSL logging level to debug.

 

Mar 15 10:05:31 pvm-int-f5-2 debug tmm1[14306]: 01260006:7: Peer cert verify error: self signed certificate in certificate chain (depth 1; cert /DC=intra/DC=test/CN=TEST567) Mar 15 10:05:31 pvm-int-f5-2 debug tmm1[14306]: 01260009:7: Connection error: ssl_shim_vfycerterr:4249: self signed certificate in certificate chain (48) Mar 15 10:05:31 pvm-int-f5-2 info tmm1[14306]: 01260013:6: SSL Handshake failed for TCP 10.12.2.41:53640 -> 10.14.103.18:443

 

TEST567 is our internal Microsoft ROOT CA. The cert for this vserver "npo2mf.dev.intra" is issued by TEST567.

 

 

 

 

Any help would be appreciated.

 

application delivery
LTM

1 Reply

  • Amanpreet_Singh's avatar
    Amanpreet_Singh
    Icon for Cirrostratus rankCirrostratus
    Mar 16, 2016

    Seems like you are using Self-Signed CERT. You can deal it with either using CA cert OR distribute and installed this MS Self-signed cert on client's browsers.