Certificate Issue : unable to find valid certification path to requested target
Hello, We deployed a staging e-payment application, using a Virtual Server with these properties : port : https protocol profile : mptcp-mobile-optimized HTTP Profile : XFF SSL Profile : 2 certificates - The issued certificate & a second certificate with Default SSL Profile for SNI SNAT Pool : ip in the same subnet as nodes. Pool : 2 pool members with port 7010 I'm using public certificates (signed by CA Verisign G5 & CA Symantec G4) the web page is displayed correctly, & SSL checks says all is ok (tested with "; & ";) the actual issue is that transaction doesn't pass over https (in http it works fine) here's the error message relived from client side : -An exception occured in HTTPProcess sendMessage. Exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. - doPost exception encountered. Exception: java.lang.NullPointerException. can you support us please?
Possibility of the Dynamic hostname in the SNI field?
Hello Guys, Can somebody please help me to know if I can have a dynamic host address in the serverssl profile with which I can enable the SNI on it. SO in short I have a requirement in which the hostname will be changing (****.example.com) all the time but it needs to be there in the SNI field. As far as I know, we can have a static entry in its filed so not sure if the dynamic can be placed in it or not. Really appreciate your time and help. Thanks and regards, RSNI in sol13452 and Default / fallback client ssl profile
how to Drop https request for Default / fallback clientssl profile, SNI in sol13452 sol13452 describes very well for "Configuring a virtual server to serve multiple HTTPS sites using the TLS Server Name Indication feature" but solution does not say about if I do not want the connection to establish when required hostname (CN / servername) is not coming from client request then how to drop the connection. Should I use iRule or profile parameter tweak will enable this feature.
Weird problem with Letsencrypt and SNI
Hello, Im facing a problem with a VIP which has more than 1 certificate, Im adding an SNI certificate , and then another certificates which has been made by letsencrypt script for f5. if client visit example.com the certificate loads well. if client visit it loads the default sni certificate.. in the certificate san it has both www and non-www certificate. What could cause such issue? anyone else has faced this problem? Thanks!