Verify Client Certificates

Question

Hi.&nbsp;I have a system that need Client Certificates, the SSL profile is requesting one and a Irules to check is one supplies and is the correct bits, verifyed..... ,&nbsp; the client Certificates are loaded and defines in the CA "requires" and advertised" bundles.&nbsp; Access is working correct as required.&nbsp;But the client something generates the certificates incorrectly or not using the CA as defined in the bundles.&nbsp; &nbsp;The F5 dose generate logs "Crypto codec error: sw_crypto-1 Failed to verify PSS padding." and other crypted logs but it needs to Tech to find the log and still it is not clear what wrong.&nbsp; &nbsp;Anyone has a way - Irules/app/CLI to verifying client certificates and it fields that the client can call via a Web site?&nbsp; &nbsp;They don't want to supply us the keys so testing is very limited.&nbsp; A perfect solution would be a https site to check correct CA signing, "key usage" definitions, ....&nbsp; I think the "PSS" issues is a bad client key.&nbsp;thanks

zamroni777 · Answer

you can do tcpdump.ssl setup details will be shown in the dump file.
&nbsp;

Forum Discussion

Verify Client Certificates

1 Reply

ICYMI - Steve Wozniak at AppWorld 2026

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Connections appear not to use Persistence

LB Connection Limit Detection Method

Partially reachabilty issues with VS in F5OS tenant

Forward proxy with SSL passthrough - SWG license required?

Need step-by-step guidance for migrating BIG-IP i2800 WAF to rSeries (UCS restore vs clean build)

Related Content

Automating Certificate Management on F5 BIG-IP

Certificate Automation for BIG-IP using CyberArk Certificate Manager, Self-Hosted

Automating ACMEv2 Certificate Management on BIG-IP

SSL Client Certification Alert 46 Unknown CA

BIG-IQ Client Certificate (PKI) Authentication

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS