Michael_A__Fied
Nimbostratus
NimbostratusUsing the Server SSL Profile with an intermediary CA
I have a distinct feeling that I am overlooking something straightforward and simple.
We are attempting to secure our back-end web traffic, and have set up the following:
- ClientSSL profile "ServiceName" issued by RootCA
- ServerSSL profile "TrustRootCA" is "defaults from serverssl", and the CA certificate "ca file rootca.crt"
- Virtual Server has profile "ServiceName" and "TrustRootCA" attached to it.
This is pretty striaghtforward, and typically works when the TargetNode (apache) has a certificate issued from RootCA as well.
Where it seems to break is when the TargetNode has an Apache ssl profile issued by IntermediaryCA
- IntermediaryCA has been issued a CA cert from RootCA
- TargetNode has cert from IntermediaryCA
Attempting to connect to the Virtual Server provides the following:
SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed * Closing connection 0 curl: (60) SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed I don't know if and where I should add the IntermediaryCA certificate and what setting needs to be changed.This is driving me up the wall.
