Unable to define WSS client certificate in F5-ASM

Mountazar
Nimbostratus

Hello, I'm trying to define, for web-services security, a client certificate client_cert issued by another self-signed certificate root_cert, under:

Security >> Options:Application Security: Advanced Configuration: Certificates Pool >> Certificate Properties

I need to paste the PEM text only for the leaf certificate (client_cert) and need to rely on having F5 trust it based on having the root_cert defined elsewhere. 

The problem is that when saving the client_cert I'm getting an error:

  • Validation failed: Failed to verify the certificate, /ts/var/cert/temp_ssl_cert.pem: C=ZA, O=Org_name, OU= Unit_name, CN= Community_name error 20 at 0 depth lookup: unable to get local issuer certificate

I tried to define the issuing certificate (root_cert) in /config/ssl/ssl.crt/ca-bundle.crt using:

  • openssl x509 -in root_cert.crt -text >> /config/ssl/ssl.crt/ca-bundle.crt

But I'm still getting the same error as above.

Kindly help,

Regards,

1 ACCEPTED SOLUTION

Mountazar
Nimbostratus

It appeared that after executing the below command:

  • openssl x509 -in root_cert.crt -text >> /config/ssl/ssl.crt/ca-bundle.crt

The root_cert was appended to the last line of the previously existing certificate:

-----END CERTIFICATE----- Certificate:

We had to insert a blank line between these, so that it reads as follows, at which point we could successfully define the client WSS certificate (client_cert):

-----END CERTIFICATE-----

blank_line

Certificate:

Regards,
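
The failure in the accepted solution comes down to a PEM boundary marker sharing a line with other text. As an added example (not from the original post and not F5 tooling), the script below lists such glued markers in a bundle and appends new certificate text only after terminating the bundle's last line; the function names, file names and certificate bodies are constructed placeholders.

```bash
#!/bin/sh
# Added example. File names are constructed; the certificate bodies are
# placeholders, not real certificates.

PEM_MARK='-----(BEGIN|END) CERTIFICATE-----'

# List (with line numbers) PEM boundary markers that share a line with other
# text, such as "-----END CERTIFICATE----- Certificate:".
# Exit status 0 if at least one is found, 1 if the bundle is clean.
find_glued_markers() {
    grep -nE -- "$PEM_MARK" "$1" |
        grep -vE "^[0-9]+:[[:space:]]*${PEM_MARK}[[:space:]]*\$"
}

# Append stdin to bundle $1, first ending the bundle's last line if needed.
# $(tail -c 1 ...) is empty when the final byte is already a newline.
append_to_bundle() {
    if [ -s "$1" ] && [ -n "$(tail -c 1 "$1")" ]; then
        printf '\n' >> "$1"
    fi
    cat >> "$1"
}

# Constructed stand-in for `openssl x509 -in root_cert.crt -text` output.
sample_cert_text() {
    printf '%s\n' 'Certificate:' '    Data:' \
        '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----'
}

# Demo: a constructed bundle whose last line has no trailing newline.
demo_dir=$(mktemp -d)
printf '%s\n%s\n%s' '-----BEGIN CERTIFICATE-----' 'RVhJU1RJTkc=' \
    '-----END CERTIFICATE-----' > "$demo_dir/bad.crt"
cp "$demo_dir/bad.crt" "$demo_dir/good.crt"

sample_cert_text >> "$demo_dir/bad.crt"                   # naive append
sample_cert_text | append_to_bundle "$demo_dir/good.crt"  # guarded append

echo "naive append:";   find_glued_markers "$demo_dir/bad.crt"  || echo "  clean"
echo "guarded append:"; find_glued_markers "$demo_dir/good.crt" || echo "  clean"
```

On a real bundle the same guard would be used as `openssl x509 -in root_cert.crt -text | append_to_bundle /config/ssl/ssl.crt/ca-bundle.crt`, after taking a backup copy of the bundle.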
