Forum Discussion

Nimbostratus

May 09, 2017

Unknown CA error for VIP that is doing SSL offloading on LTM

Website configured to go through LTM. SSL offloading handled by LTM. When accessing the site from an ipad gets unknown CA error. Packet capture from LTM shows the client (ipad) initiates the Clien...

Cirrostratus

May 09, 2017

I did some tests. Let's say we have:

Well known Root Ca

Intermediate CA1 Intermediate CA2 Cert issued by CA2 My setup is:

Chain file containing certificates:

CA2 CA1 Root CA Then in clientssl I have:

Certificate and key - one issued for VS FQDN Chain - one described above As result client is receiving in Server Hello both site certificate and certificates from chain file - everything is working OK.

Conclusion - check your Chain file, something has to be wrong here.

Check this article for steps to test your chain file SSL Profiles Part 3: Certificate Chain Implementation

Hope it helps

Piotr

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Unknown CA error for VIP that is doing SSL offloading on LTM

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

F5 Academies Are Back – And We’re Coming to a City Near You

Recent Discussions

r4600 Tenant CPU Assignment

master key file on vcmp guest HA Cluster different?

F5 Health Monitor Receive String as JSON

Rewrite content in XML schema file.

DNS Request to VS?

Related Content

Mitigating the Unknown

HTTPS offload rewriting

FTPS Offload via iRules

SSL Offload with HTTP/2.0

Insufficient permissions BIG-IQ login error

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS