Forum Discussion
Unable to define WSS client certificate in F5-ASM
Hello, I'm trying to define for web-services security, a client certificate client_cert issued by another self-signed certificate root_cert, under:
Security >> Options:Application Security: Advanced Configuration: Certificates Pool >> Certificate Properties
I need to paste the PEM text only for the leaf certificate (client_cert) and need to rely on having F5 trust it based on having the root_cert defined elsewhere.
The problem is whwne saving the client_cert I'm getting an error:
- Validation failed: Failed to verify the certificate, /ts/var/cert/temp_ssl_cert.pem: C=ZA, O=Org_name, OU= Unit_name, CN= Community_name error 20 at 0 depth lookup: unable to get local issuer certificate
I tried to define the issuing certificate (root_cert) in /config/ssl/ssl.crt/ca-bundle.crt using:
- openssl x509 -in root_cert.crt -text >> /config/ssl/ssl.crt/ca-bundle.crt
But still getting the same above error.
Kindly help,
Regards,
It appeared that after executing the below command:
- openssl x509 -in root_cert.crt -text >> /config/ssl/ssl.crt/ca-bundle.crt
The root_cert was appended to the last line of the previously existing certificate:
-----END CERTIFICATE----- Certificate:
We had to insert a blank line between these to become as follows at which moment we could define successfully the client WSS certificate (client_cert):
-----END CERTIFICATE-----
blank_line
Certificate:
Regards,
.
- MountazarNimbostratus
It appeared that after executing the below command:
- openssl x509 -in root_cert.crt -text >> /config/ssl/ssl.crt/ca-bundle.crt
The root_cert was appended to the last line of the previously existing certificate:
-----END CERTIFICATE----- Certificate:
We had to insert a blank line between these to become as follows at which moment we could define successfully the client WSS certificate (client_cert):
-----END CERTIFICATE-----
blank_line
Certificate:
Regards,
.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com