bluepet_10591 (Altostratus)
Jun 15, 2011
SSL::verify_result = 27 what does that mean?
Hi,
Firstly, I apologise if this is a basic question. I did try to troll around DevCentral but have not seen one that matches my issue.
Hope you guys can assist to help me understand.
Background
- The user application browses our virtual server on our BIG-IP LTM, which has an SSL profile certificate with certificate request ticked.
- The connection failed, and upon checking it is due to the iRule check below matching verify_result != 0, namely 27:
    # Reject when no client certificate was presented or chain verification failed
    if { [SSL::cert count] == 0 or [SSL::verify_result] != 0 } {
        reject
    }
The cert count = 2 and the value of verify_result = 27, which upon searching is
27 = X509_V_ERR_CERT_UNTRUSTED: certificate not trusted
The customer certificate is a valid certificate issued by Thawte SGC CA - G2, I gather
Verisign
- Thawte SGC CA - G2
-- customer.domain.com
Why would it not be a trusted certificate? Do I need to install their intermediate certificate root authority into my BIG-IP LTM box?
Please advise.
Cheers
Patrick
- bluepet_10591 (Altostratus): Hi Nitass,
- hooleylist (Cirrostratus): Hi Patrick,
- bluepet_10591 (Altostratus): Hi Aaron,
- nitass (Employee): Just wondering if this passes.
- bluepet_10591 (Altostratus): Hi nitass,
- nitass (Employee): I suspect the CA file which is set as trusted CA in the clientssl profile is not complete (cannot make a chain of trust from client certificate to root certificate), same as Aaron.
- bluepet_10591 (Altostratus): Got the client cert, tested it out with the trusted bundle certificate that I had (original)
- nitass (Employee): Good job. Thanks for the update!
- Nick_31016 (Nimbostratus): I have installed the int certs as issued by Verisign and run the verify against the cert they issued me and I still get the
- hooleylist (Cirrostratus): This was a similar issue to bluepet's, where the root and multiple intermediate certs needed to be combined in a bundle for openssl verification to succeed.
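
Added example (not part of the original thread, and not F5's code): the script below builds a throwaway root, intermediate and client certificate, then runs openssl verify against a root-only file, an intermediate-only file and the combined bundle, which is the completeness check the replies describe for the trusted CA file. All names, subjects and paths are constructed for the demo, and it assumes the openssl CLI is installed.

```bash
#!/usr/bin/env bash
# Added example: all names, subjects and paths are constructed for this demo.

# Build a throwaway root -> intermediate -> client chain in directory $1.
make_demo_pki() {
  local d=$1 pair name ext issuer=root
  cat > "$d/ext.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_client]
basicConstraints = CA:FALSE
extendedKeyUsage = clientAuth
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -config "$d/ext.cnf" -extensions v3_ca \
    -subj "/CN=Demo Root CA" -days 2 -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
  for pair in int:v3_ca client:v3_client; do
    name=${pair%%:*} ext=${pair##*:}
    openssl req -newkey rsa:2048 -nodes -config "$d/ext.cnf" -subj "/CN=demo-$name" \
      -keyout "$d/$name.key" -out "$d/$name.csr" 2>/dev/null
    openssl x509 -req -in "$d/$name.csr" -CA "$d/$issuer.pem" -CAkey "$d/$issuer.key" \
      -CAcreateserial -extfile "$d/ext.cnf" -extensions "$ext" -days 2 \
      -out "$d/$name.pem" 2>/dev/null
    issuer=$name   # the next certificate is signed by the one just issued
  done
}

# Succeeds only when cert $2 chains up to a self-signed root using bundle $1 alone.
chain_ok() {
  openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

demo() {
  local d b; d=$(mktemp -d)
  make_demo_pki "$d"
  cat "$d/root.pem" "$d/int.pem" > "$d/full-bundle.pem"
  for b in root.pem int.pem full-bundle.pem; do
    if chain_ok "$d/$b" "$d/client.pem"; then echo "$b: chain of trust builds"
    else echo "$b: chain of trust incomplete"; fi
  done
  rm -rf "$d"
}
demo
```

Running the same `openssl verify -CAfile` check against the real client certificate and the file configured as trusted CA shows whether the bundle is complete before the profile is changed.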