F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Soujanaya_Sunku's avatar
Soujanaya_Sunku
Icon for Nimbostratus rankNimbostratus
Dec 05, 2013
Solved

When i am calling the URL hosted in F5 from Salesforce. Get sun.security.provider.certpath.SunCertPathBuilderException.

There is no way to import a certificate in to their Keystore. How do i import it the certificate in to F5 keystore .  
  • IheartF5_45022's avatar
    IheartF5_45022
    Dec 05, 2013

    The client MUST have either the cert from the F5 or the CA cert of the cert from the F5 in their trust store. No way around this.

     

    Also, make sure you have the CA/chain of the F5 cert correctly configured in the F5 SSL profile.

     

IheartF5_45022's avatar
IheartF5_45022
Icon for Nacreous rankNacreous
Jan 22, 2014

In a client ssl profile you need to include either chain or ca file to match your cert

ltm profile client-ssl pr_mcms_ssl_mysite.com.au {
    cert mysite.com.au.crt
    chain rsa_chain_v3.crt
    defaults-from clientssl
    key mysite.com.au.key
}

For serverside you may not need to do anything - I often use serverssl without modification - it depends whether you want to ensure the serverside cert is valid (by default it just accepts any old serverside cert), or if you want to pass a client cert to the server as part of the ssl handshake.