The-messenger
Apr 26, 2018
Cirrostratus
Machine Cert auth - new PKI Multi-level CA
I have had machine cert auth working in several APM profiles; now I need to move to a new Certificate Authority. The new CA is a multi-level PKI with a root CA (offline) > subordinate CA.
I attempted to make the move to the new CA by using the same process I did with the single-level CA: export the CA certificate (in this case from the subordinate CA), import it to the BIG-IP, and apply it to the certificate authority policy. This is failing with "unable to get local issuer certificate".
Could this be that I don't have the full chain?
Looking at the CA certificates side by side on the BIG-IP, I can't see a difference between the cert from the new multi-level PKI and the old single-level CA.
On the workstation I'm testing with, I have removed all machine certs except for the one I'm testing, which is issued by the multi-level PKI CA I'm testing.
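
The "full chain" question raised in the post can be checked off-box with OpenSSL. The following is an added example, not part of the original post and not BIG-IP configuration: it builds a constructed root > subordinate > machine certificate chain (all names and files are made up) and compares validation when only the subordinate CA is trusted against a bundle holding subordinate and root.

```shell
#!/bin/sh
# Constructed PKI (made-up names): root CA > subordinate CA > machine cert.
build_pki() {  # $1 = empty working directory
  ( set -e; cd "$1"
cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = unused
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    # Self-signed root (stands in for the offline root CA).
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config ca.cnf \
      -extensions v3_ca -subj "/CN=Example Root CA" \
      -keyout root.key -out root.pem
    # Subordinate CA, signed by the root.
    openssl req -new -newkey rsa:2048 -nodes -config ca.cnf \
      -subj "/CN=Example Subordinate CA" -keyout sub.key -out sub.csr
    openssl x509 -req -in sub.csr -CA root.pem -CAkey root.key \
      -CAcreateserial -days 2 -extfile ca.cnf -extensions v3_ca -out sub.pem
    # Machine certificate, signed by the subordinate.
    openssl req -new -newkey rsa:2048 -nodes -config ca.cnf \
      -subj "/CN=workstation01.example.test" -keyout leaf.key -out leaf.csr
    openssl x509 -req -in leaf.csr -CA sub.pem -CAkey sub.key \
      -CAcreateserial -days 2 -out leaf.pem
    # Bundle with the whole chain: subordinate first, then root.
    cat sub.pem root.pem > chain.pem
  ) >/dev/null 2>&1
}

# Without -partial_chain, the path must end at a self-signed trust anchor.
verify_with() {  # $1 = trusted CA file, $2 = certificate to check
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

self_issued() {  # true when subject == issuer, i.e. a root certificate
  [ "$(openssl x509 -noout -subject_hash -in "$1")" = \
    "$(openssl x509 -noout -issuer_hash -in "$1")" ]
}

d=$(mktemp -d) && build_pki "$d"
for ca in sub.pem chain.pem; do
  if verify_with "$d/$ca" "$d/leaf.pem"; then r=OK; else r=FAIL; fi
  echo "trusted CA file = $ca -> $r"
done
self_issued "$d/sub.pem" || echo "sub.pem is not a root; its issuer must be trusted too"
```

The `self_issued` check is the visible difference between a single-level CA certificate and a subordinate one: in the subordinate's certificate the issuer and subject fields differ.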