Forum Discussion
Windows 2012 CA certs for F5
Hi all, as we have to move our certificates to SHA2 we have a new Windows 2012 CA server. After creating new web certs from the new CA server, we had "Connection Closed" on different browsers when trying to reach the VIPs on port 443. The SSL client certs ciphers have been left as default. There are no iRules and the VIPs are standard.
When I put back the Windows 2003 CA certificates, it's working. I ran the openssl command below and found that no certificate is shown with the new CA certs.
I have compared both certificates and there's no difference in the properties that I can see other than the sha1 & sha2.
Would anyone be able to advise what might be missing from our new CA server templates configuration?
```
[adm@Host:Active:Changes Pending] ~ openssl s_client -connect 172.20.50.20:443
CONNECTED(00000003)
47898972639784:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:184:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 277 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
```
I checked both the certificate and key and they are the same:
```
[adm@Host:Active:Changes Pending] certificate_d openssl x509 -noout -modulus -in /config/filestore/files_d/Common_d/certificate_d/:Common:Test.crt_77214_1 | openssl md5
(stdin)= 5773260e200ee58e7c89ae5a374d9a64
[adm@Host:Active:Changes Pending] certificate_key_d openssl rsa -noout -modulus -in /config/filestore/files_d/Common_d/certificate_key_d/:Common:Test.key_77211_1 | openssl md5
(stdin)= 5773260e200ee58e7c89ae5a374d9a64
```
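An added example, not part of the original post: the certificate/key check above generalized to compare the full public key (so it also works for non-RSA keys) and to report the signature algorithm the CA used, which is the SHA-1 versus SHA-2 property the post mentions. The function names and the throwaway `*.example.test` pairs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): pair a certificate with its
# private key by comparing public keys, and show the CA's signature algorithm.

# PEM public key embedded in the certificate.
cert_pubkey() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null
}

# PEM public key derived from the private key (RSA, EC, ...).
key_pubkey() {
    openssl pkey -in "$1" -pubout 2>/dev/null
}

# Return 0 if cert and key belong together, 1 on mismatch, 2 if unreadable.
cert_matches_key() {
    c=$(cert_pubkey "$1") || return 2
    k=$(key_pubkey "$2") || return 2
    # An empty string means openssl produced nothing; never treat that as a match.
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Signature algorithm on the certificate, e.g. sha256WithRSAEncryption.
cert_sig_alg() {
    openssl x509 -in "$1" -noout -text \
        | awk -F': ' '/Signature Algorithm/ && !seen {print $2; seen=1}'
}

# Constructed sample input: a throwaway self-signed pair named $1 in directory $2.
make_demo_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
        -subj "/CN=$1.example.test" \
        -keyout "$2/$1.key" -out "$2/$1.crt" 2>/dev/null
}

# Usage: sh check.sh <certificate> <private key>
if [ "$#" -eq 2 ]; then
    if cert_matches_key "$1" "$2"; then
        echo "public keys match"
    else
        echo "public keys DO NOT match (or a file could not be read)"
    fi
    echo "signature algorithm: $(cert_sig_alg "$1")"
fi
```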