Cisco2F5_16233
Apr 27, 2012

Trusted Certificate Authorities

So I have an SSL profile set up with my cert and key. Also, I have the Trusted CA option checked in my SSL profile, going back to a file I created with a lot of root and intermediate certs, created with PEM-formatted certs.

[admin@f5dmzp:Active] ~ openssl verify -CAfile /config/ssl/ssl.crt/CertStore_X_XX_XXXX.crt /config/ssl/ssl.crt/XXX.crt
/config/ssl/ssl.crt/XXX.crt: OK
[admin@f5dmzp:Active] ~

[admin@f5dmzp:Active] ~ openssl verify -purpose sslserver -CAfile /config/ssl/ssl.crt/CertStore_X_XX_XXX.crt /config/ssl/ssl.crt/XXX.crt
/config/ssl/ssl.crt/XXX.crt: OK
[admin@f5dmzp:Active] ~

So when we have an order from a vendor come in, this is what I see in my tcpdump:

1. Client Hello

2. Server Hello, Certificate, Certificate Request, Server Hello Done

3. Then I see some ACKs back and forth, but I never see them sending the Certificate and Client Key Exchange.

4. Then the connection resets.

They wanted me to send my Trusted CA, but none of my other vendors need that. Could this be a setting on their end? They are using a SAP server.
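
Added example (not part of the original post, and not F5 or SAP code): in TLS 1.2 and earlier, the Certificate Request message seen in step 2 carries a certificate_authorities list of CA distinguished names that the server advertises for client certificates. The sketch below parses that message from raw handshake bytes so the advertised names can be read out of a capture; the function names and the SAMPLE bytes are constructed for illustration.

```python
OIDS = {b"\x55\x04\x03": "CN", b"\x55\x04\x0a": "O", b"\x55\x04\x06": "C"}

def _tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def dn_to_str(der):
    """Render a DER Name as 'O=..,CN=..' (string attribute values only)."""
    _, rdns, _ = _tlv(der, 0)              # Name ::= SEQUENCE OF RDN
    parts, pos = [], 0
    while pos < len(rdns):
        _, rdn, pos = _tlv(rdns, pos)      # RDN ::= SET OF AttributeTypeAndValue
        _, atv, _ = _tlv(rdn, 0)           # first attribute of each RDN only
        _, oid, p = _tlv(atv, 0)
        _, val, _ = _tlv(atv, p)
        parts.append(f"{OIDS.get(oid, oid.hex())}={val.decode('utf-8', 'replace')}")
    return ",".join(parts)

def parse_certificate_request(msg, tls12=True):
    """Parse one handshake message of type 13 (CertificateRequest, TLS <= 1.2)."""
    if msg[0] != 13:
        raise ValueError("not a CertificateRequest")
    body = msg[4:4 + int.from_bytes(msg[1:4], "big")]
    n = body[0]                            # certificate_types<1..255>
    types, pos = list(body[1:1 + n]), 1 + n
    if tls12:                              # TLS 1.2 adds supported_signature_algorithms
        pos += 2 + int.from_bytes(body[pos:pos + 2], "big")
    total = int.from_bytes(body[pos:pos + 2], "big")
    pos, end, names = pos + 2, pos + 2 + total, []
    while pos < end:                       # certificate_authorities: 2-byte length + DER Name
        ln = int.from_bytes(body[pos:pos + 2], "big")
        names.append(dn_to_str(body[pos + 2:pos + 2 + ln]))
        pos += 2 + ln
    return {"cert_types": types, "ca_names": names}

# Constructed sample (not from a capture): cert types rsa_sign/ecdsa_sign,
# one signature algorithm, one CA name "O=Example,CN=Example Root CA".
SAMPLE = bytes.fromhex(
    "0d000039 020140 00020401 0030 002e 302c"
    "3110300e 060355040a 0c07 4578616d706c65"
    "31183016 0603550403 0c0f 4578616d706c6520526f6f74204341")
```

An empty ca_names list is valid on the wire and means the server named no CAs in its request.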

 

 

 

 

 

 

 

 
