Doran_Lum_13484
Oct 25, 2016

Windows 2012 CA certs for F5

Hi all, as we have to move our certificates to SHA2, we have a new Windows 2012 CA server. After creating new web certs from the new CA server, we had "Connection Closed" on different browsers when trying to reach the VIPs on port 443. The SSL client certs ciphers have been left as default. There are no iRules and the VIPs are standard.

When I put back the Windows 2003 CA certificates, it's working. I ran the openssl command below and found that no certificate is shown with the new CA certs.

I have compared both certificates and there's no difference in the properties that I can see other than SHA1 and SHA2.

Would anyone be able to advise what might be missing from our new CA server template configuration?

```
[adm@Host:Active:Changes Pending] ~  openssl s_client -connect 172.20.50.20:443
CONNECTED(00000003)
47898972639784:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:184:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 277 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
```

I checked both the certificate and key and they are the same:

```
[adm@Host:Active:Changes Pending] certificate_d  openssl x509 -noout -modulus -in /config/filestore/files_d/Common_d/certificate_d/:Common:Test.crt_77214_1 | openssl md5
(stdin)= 5773260e200ee58e7c89ae5a374d9a64

[adm@Host:Active:Changes Pending] certificate_key_d  openssl rsa -noout -modulus -in /config/filestore/files_d/Common_d/certificate_key_d/:Common:Test.key_77211_1 | openssl md5
(stdin)= 5773260e200ee58e7c89ae5a374d9a64
```
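The certificate/key comparison from the post above, as an added example that is not part of the original post: it goes beyond the RSA modulus check by comparing the full public key, so it also works for non-RSA keys, and it reports the algorithm the CA signed the certificate with. The function names, file names and the throwaway self-signed pair are constructed for illustration.

```sh
#!/bin/sh
# Added example: cert/key pairing check plus signature algorithm report.
# File names and the throwaway test pair below are constructed.

# SHA-256 of the public key embedded in a certificate (RSA, EC, ...).
cert_pubkey_hash() {
    pem=$(openssl x509 -noout -pubkey -in "$1" 2>/dev/null) || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 of the public key derived from a private key file.
key_pubkey_hash() {
    pem=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# 0 = pair matches, 1 = mismatch, 2 = a file could not be parsed.
cert_matches_key() {
    c=$(cert_pubkey_hash "$1") || return 2
    k=$(key_pubkey_hash "$2") || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Algorithm the CA used to sign the certificate, e.g. sha256WithRSAEncryption.
cert_sig_alg() {
    openssl x509 -noout -text -in "$1" |
        awk -F': ' '/Signature Algorithm/ && !seen {print $2; seen=1}'
}

# Constructed sample: a self-signed SHA-256 cert, its key, and an unrelated key.
make_sample_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
        -subj "/CN=vip.example.test" \
        -keyout "$1/good.key" -out "$1/test.crt" 2>/dev/null
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

# Usage: script CERT KEY; with no arguments it runs on the constructed pair.
if [ "$#" -eq 2 ]; then
    crt=$1; key=$2
else
    tmp=$(mktemp -d); make_sample_pair "$tmp"
    crt=$tmp/test.crt; key=$tmp/good.key
fi
echo "signature algorithm: $(cert_sig_alg "$crt")"
if cert_matches_key "$crt" "$key"; then echo "certificate and key match"
else echo "certificate and key do NOT match (or unreadable)"; fi
```

An unreadable file is reported as a failure (return code 2) rather than being hashed as empty input, which would otherwise make two broken files look like a matching pair.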