Unable to define WSS client certificate in F5-ASM

Question

Hello, I'm trying to define for web-services security, a client certificate client_cert issued by another self-signed certificate root_cert, under:

Security >> Options:Application Security: Advanced Configuration: Certificates Pool >> Certificate Properties

I need to paste the PEM text only for the leaf certificate (client_cert) and need to rely on having F5 trust it based on having the root_cert defined elsewhere.

The problem is whwne saving the client_cert I'm getting an error:

Validation failed: Failed to verify the certificate, /ts/var/cert/temp_ssl_cert.pem: C=ZA, O=Org_name, OU= Unit_name, CN= Community_name error 20 at 0 depth lookup: unable to get local issuer certificate

I tried to define the issuing certificate (root_cert) in /config/ssl/ssl.crt/ca-bundle.crt using:

openssl x509 -in root_cert.crt -text >> /config/ssl/ssl.crt/ca-bundle.crt

But still getting the same above error.

Kindly help,

Regards,

mountazar · Accepted Answer

It appeared that after executing the below command:

openssl x509 -in root_cert.crt -text >> /config/ssl/ssl.crt/ca-bundle.crt

The root_cert was appended to the last line of the previously existing certificate:

-----END CERTIFICATE----- Certificate:

We had to insert a blank line between these to become as follows at which moment we could define successfully the client WSS certificate (client_cert):

-----END CERTIFICATE-----

blank_line

Certificate:

Regards,

.

Forum Discussion

Unable to define WSS client certificate in F5-ASM

1 Reply

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

Re: Management Certificate

Automate Let's Encrypt Certificates on BIG-IP

Automating ACMEv2 Certificate Management on BIG-IP

Unable to access GUI

My Security+ Certification Journey