Forum Discussion
Alexey_384
Historic F5 Account
The log shows that you can't pass an access policy. There are a lot of possible misconfigurations, but the common one is an untrusted server certificate. Have you added the CA cert to a cert store? If not, you should set it or use an option to ignore the server certificate.
praveen_145890
Feb 28, 2014 Nimbostratus
Hi Alexey,
Thanks for the reply. I did add the CA and intermediate certificates to the store. Prior to not adding them I was getting an error saying:
X509_verify_cert unable to get issuer certificate
verify_server_cert_cb return with ret=0
After adding the CA and intermediate certs in the chain, the value of is set to 1.
verify_server_cert_cb return with ret=1
I don't know what it means, but was assuming that the certificate checks are valid.
I did try the client f5fpc with -x (to ignore certificate checks), and still was running into the same issue of
USocketBlocking::send(), EXCEPTION - Failed to send data, xx.xxx.xxx.xx, Bad file descriptor
One of the interesting things is that the F5 standalone VPN client resolves the host name to an IP address, and the SSL certs are not tied to that IP address. The SSL certs have the wildcarded hostname in them.
Would appreciate if there are any other ideas.
Thanks
Praveen
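
Added example, not part of the original thread and not F5 client code: a sketch of how a verifier that follows RFC 6125 style name matching treats a wildcard DNS name when the connection target is a hostname versus an IP literal, the situation described in the post above. The function names and the `*.example.com` / `192.0.2.10` values are constructed for illustration.

```python
import ipaddress

def _is_ip(value):
    """True if value parses as an IPv4/IPv6 literal."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def dns_name_matches(pattern, hostname):
    """RFC 6125 style match: '*' is honoured only as the whole leftmost label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or not all(h_labels):
        return False
    if p_labels[0] == "*":
        # The wildcard covers exactly one label and needs two fixed labels after it.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def reference_id_matches(target, san_dns, san_ips):
    """target is what the client connected to: a hostname or an IP literal."""
    if _is_ip(target):
        # IP literals are compared only with iPAddress SAN entries,
        # never with dNSName entries, wildcard or not.
        addr = ipaddress.ip_address(target)
        return any(addr == ipaddress.ip_address(ip) for ip in san_ips)
    return any(dns_name_matches(p, target) for p in san_dns)

# Constructed sample certificate names (assumption: wildcard dNSName, no iPAddress SAN).
SAN_DNS = ["*.example.com"]
SAN_IPS = []

def demo():
    """Evaluate several connection targets against the sample SAN entries."""
    targets = ("vpn.example.com", "a.b.example.com", "example.com", "192.0.2.10")
    return {t: reference_id_matches(t, SAN_DNS, SAN_IPS) for t in targets}

if __name__ == "__main__":
    for target, ok in demo().items():
        print(f"{target:18} -> {'match' if ok else 'no match'}")
```

Chain validation (trusting the CA and intermediates) and name matching are separate checks, so a chain can validate while the name check still fails for an IP target.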