on-demand
New SSL Certificate update breaks F5 On-Demand
Greetings,

Our SSL certificate for our virtual server entry expired yesterday, so I replaced it following the normal process. However, On-Demand VPN users using the iOS application can no longer log in via certificate auth. According to the F5 device, the On-Demand certificate doesn't expire till 2017. However, since switching to the new web cert, the iOS client now throws “Server rejected the supplied client certificate or one was not sent”.

The caveat to this is that we are using MobileIron to manage the certificates and policies on the iDevices. If I switch back to the expired SSL certificate, it all works flawlessly. I am failing to understand how switching the virtual/web SSL certificate breaks the On-Demand feature.

However, with SSL Debug enabled, the only error that crops up is:

Peer cert verify error: unable to get local issuer certificate (depth 0; cert /CN=F5SSLONDEMAND2-clientname/OU=appSetting:a9146cd7-011a-441e-xxxx-xxxxxx)
Connection error: ssl_shim_vfycerterr:4249: unable to get local issuer certificate (48)

However, I am failing to find any information on this. I've tried creating a new policy within MobileIron and uploaded the new root CA certificate that it creates. However, I still have the same error.

While I understand MobileIron is a completely different system and likely out of F5's scope, it is F5 producing the error, and my google-fu fails to find anything positive to rectify this error.

Any assistance would seriously be appreciated.

Cheers,
David