Forum Discussion
39 Replies
- Rafa_Ayala_1738Nimbostratus
use the solution : SOL14499
[root@asm03:Active:Standalone] exampleCA ls client1.crt client1.key client1.p12 client1.pem client1.req clientCA.crt clientCA.key clientCA.p12 clientCA.pem client2.crt
convert client key/cert pair to PKCS12 and send costumer the certificate: client1.p12
set in my ASM trusted certificate Autorities with the certificate : clientCA.crt
set in the profile ssl configuration :
wifi_host_test1 = client2.crt(self signed by my CA "clientCA-cert) <<<<<
Thank You
- dragonflymrCirrostratusI assume that it started to work? I really missed "using F5's self-signed certificate" part of this post subject :-( I doubt it's possible to use self-signed cert as client cert - it breaks logic of certificate based authentication. Piotr
- Rafa_AyalaNimbostratus
Not work :(
All certificates are signed by my CA.
client1.p12 signed by my CA (f5) and send costumer /install in desktop
clientCA.crt is my CA (F5)
client2.crt is my webserver cert
my TMOS version : 11.5.1 HF8
- dragonflymrCirrostratus
It sad to hear that. I have no idea what could be wrong here. I followed referenced SOL and my lab system started to work without any issue. Will dig in my notes and try to post troubleshooting steps that can be used - but on Monday, right now here in Europe weekend begins - time to trow away work stuff and do some partying :-)
Piotr
- nitassEmployee
All certificates are signed by my CA.
how did you create client1 certificate (i.e. how did you sign client1 certificate)?
- Rafa_AyalaNimbostratus
Hello nitass
I followed the step : Creating and signing a client certificate in the solution :SOL14499
Thank you
- Rafa_AyalaNimbostratus
The problem is solved, I had a problem with the common name :)
My new error is :
Verify return code: 20 (unable to get local issuer certificate)
My web Server certificate is signed by verisign and my (authentication certificate ) is signed by my local CA
- nitassEmployee
Verify return code: 20 (unable to get local issuer certificate)
is Verisign root ca certificate in client's ca certificate store?
- Rafa_Ayala_1738Nimbostratus
Yes nittas the customer has a certificate installed , the cert verisign are default in the web browser
thank you
- nitassEmployeewasn't the unable to get local issuer certificate error from openssl command? was Verisign root ca certificate in openssl ca certificate store?
- Rafa_AyalaNimbostratus
Yes nittas the customer has a certificate installed , the cert verisign are default in the web browser
thank you
- nitassEmployeewasn't the unable to get local issuer certificate error from openssl command? was Verisign root ca certificate in openssl ca certificate store?
- Rafa_AyalaNimbostratus
hello
apologies for not respond
My problem is solved , I did not have the root of symantec jejej