Pawel_1533
Jun 12, 2008

Client certificate for https monitor

Hi,

I'm trying to set up a virtual server for https traffic with client certificate verification enabled.

SSL is NOT terminated on the load balancer.

The virtual server works fine, however I have an issue with setting up the pool members monitor. I've created a new monitor based on the https profile but it doesn't work properly. The application running on the balanced servers performs client-side cert authentication and accepts connections for known certs only. So I tried to specify a client certificate in the monitor setting (cert "") but I got the errors below in the ltm logfile:

bigd: 01060111:3: Open SSL error - error:14094412:SSL routines:func(148):reason(1042).

I tried different file formats - p12, pem - but the error is still the same.

The certificate I use is correct and works fine when I try a direct connection from the LB to the server with openssl; however, here I use pem files for both the cert and the key:

openssl s_client -host 10.1.1.1 -port 443 -cert ./usercert.pem -key ./userkey.pem

Does anyone know what format I should use so f5 can read the cert and use it properly?

Best regards,

Pawel

2 Replies

  • Hi Pawel,

    The cert and key should be in PEM format. You can follow the steps in SOL7532 to configure the HTTPS monitor with a client cert:

    SOL7532: Configuring the HTTPS health monitor to use a client certificate

    https://support.f5.com/kb/en-us/solutions/public/7000/500/sol7532.html?sr=847164

    Aaron
  • Thanks - it works fine. I was very close with my guesses but I tried cert/key in a different order in the file.

    Regards,

    Pawel
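
The fix in this thread came down to PEM format and the order of the cert and key blocks in one file. The following is an added example, not code from the thread or from F5: it lists the PEM blocks of a file in order and flags non-PEM input such as a .p12. The function names and sample data are constructed for illustration, and the order the monitor expects is the one given in SOL7532.

```python
import base64
import re

# Matches one PEM block: BEGIN line, base64 body, matching END line.
PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----",
    re.DOTALL,
)

def pem_block_order(data: bytes) -> list[str]:
    """Return the labels of well-formed PEM blocks in file order."""
    labels = []
    for match in PEM_BLOCK.finditer(data):
        body = b"".join(match.group(2).split())
        try:
            base64.b64decode(body, validate=True)
        except ValueError:
            continue  # body is not valid base64, so skip the block
        labels.append(match.group(1).decode("ascii"))
    return labels

def describe_bundle(data: bytes) -> dict:
    """Summarise what a monitor cert/key file contains (hypothetical helper)."""
    order = pem_block_order(data)
    return {
        "is_pem": bool(order),
        "order": order,
        "has_cert": "CERTIFICATE" in order,
        "has_key": any(label.endswith("PRIVATE KEY") for label in order),
    }

# Constructed sample input: placeholder base64 bodies, not real key material.
CERT = b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
KEY = b"-----BEGIN RSA PRIVATE KEY-----\nUExBQ0VIT0xERVI=\n-----END RSA PRIVATE KEY-----\n"
P12_LIKE = b"\x30\x82\x0a\x00\x02\x01\x03"  # constructed binary bytes standing in for a .p12

if __name__ == "__main__":
    samples = [("cert+key", CERT + KEY), ("key+cert", KEY + CERT), ("p12", P12_LIKE)]
    for name, blob in samples:
        print(name, describe_bundle(blob))
```

Run it against the file given to the monitor (read in binary mode) and compare the reported order with the layout SOL7532 describes.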