Forum Discussion

Nimbostratus

Sep 27, 2013

Two way SSL problems with APM on BIGIP

Receiving ssl_shim_vfycert:2461 when attempting two way ssl authentication. Does anyone know the underlying cause of this message or where I can find an error reference?

ssl client authentication

Kevin_Stewart

Employee

Oct 08, 2013

The message you're describing generally relates to errors in the client certificate verification process. The next step, in my opinion, should be to manually verify that the client certificate(s) do actually validate against the given CA cert(s). Upload one of the client certificates to the F5 and use the OpenSSL verify command:

[http://www.openssl.org/docs/apps/verify.html](http://www.openssl.org/docs/apps/verify.html)

Example:

openssl verify -CAfile [CA certificate] [user certificate]

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Two way SSL problems with APM on BIGIP

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Does F5 Rules for AWS WAF - Common Vulnerabilities & Exposures Mitigate Log4J vulnerabilities

Credentialed Scanning - F5OS - Rseries

WebSocket connection to 'wss://...' failed: Invalid frame header

f5 asm reporting aggregate

rSeries 4600 additional Core Enable

Related Content

Re: BigIP Report

BigIP Report Old

Securing APIs with BigIP

Integrating the F5 BIGIP with Azure Sentinel

Upgrade F5 BIGIP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS