Cirrus
MVPHi F5LearnerLNR,
the support solution (K000139300: DEVICE-00060: Internal error testing authentication) actually tells you exaclty what to do.
You must replace the private key and certificate for the webUI on your rSeries with another one, which contains a well formed SAN.
Beginning from v20.2 the BIG-IP Central Manager requires that the VELOS or rSeries provider has a well formed SAN certificate.
What does this actually mean? Let's say want to add your rSeries as a provider to the BIG-IP Central Manager with it's FQDN (example: my-rseries01.mydomain.com), then this FQDN must be in the Subject Alternative Name (SAN) extension of the SSL certificate which is installed on your rSeries. The same applies if you want to add it by IP - in that case the IP has to in the Subject Alternative Name (SAN).
In the K000139300 there is a link to https://my.f5.com/manage/s/article/K11438 which explains you with a step-by-step guide how to create such a certificate with a well formed SAN.
Good luck
Daniel
CirrusHi Daniel ,
Thanks for this detailed explanation and i read this article , and created SAN based certification for webUI , still i could not get rid of this error message DEVICE-00060: Internal error testing authentication . And you know what even if i give incorrect credentials it still gives the same error , so even if the credetials are right and the device is with SAN certificate , i still get this error
MVPWhen you check your cert with the openssl , what does it say?
┌──(webserverdude@linux-vm)-[~/Downloads/ssl]
└─$ openssl x509 -in my-rseries.crt -noout -textIt should look like this:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
(removed)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = DE, ST = Hessen, L = Bad Vilbel, O = domain.com, OU = IT, CN = my-rseries.domain.com
Validity
Not Before: Jun 2 14:11:41 2024 GMT
Not After : Jul 2 14:11:41 2024 GMT
Subject: C = DE, ST = Hessen, L = Bad Vilbel, O = domain.com, OU = IT, CN = my-rseries.domain.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus: (removed)
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:my-rseries5000.domain.com, IP Address:10.10.10.10
X509v3 Subject Key Identifier:
(removed)
Signature Algorithm: sha256WithRSAEncryption
Signature Value: (removed)This part is important X509v3 Subject Alternative Name.
In this part you should find the DNS name of your rSeries, the IP Adress or both. DNS must be as DNS and IP must be as IP Address.