Forum Discussion
NimbostratusWhen i am calling the URL hosted in F5 from Salesforce. Get sun.security.provider.certpath.SunCertPathBuilderException.
There is no way to import a certificate in to their Keystore. How do i import it the certificate in to F5 keystore .
The client MUST have either the cert from the F5 or the CA cert of the cert from the F5 in their trust store. No way around this.
Also, make sure you have the CA/chain of the F5 cert correctly configured in the F5 SSL profile.
4 Replies
IheartF5_45022Nacreous
The client MUST have either the cert from the F5 or the CA cert of the cert from the F5 in their trust store. No way around this.
Also, make sure you have the CA/chain of the F5 cert correctly configured in the F5 SSL profile.
Soujanaya_SunkuThanks Once we made sure the CA/Chain is there in F5 , it started working . Thanks.
AP_129594So under the client/server ssl profile, you have to change to the CA/Chain?
- IheartF5_45022
In a client ssl profile you need to include either chain or ca file to match your cert
ltm profile client-ssl pr_mcms_ssl_mysite.com.au { cert mysite.com.au.crt chain rsa_chain_v3.crt defaults-from clientssl key mysite.com.au.key }For serverside you may not need to do anything - I often use serverssl without modification - it depends whether you want to ensure the serverside cert is valid (by default it just accepts any old serverside cert), or if you want to pass a client cert to the server as part of the ssl handshake.
