GTM-LTM Not Exchanging Cert

Question

I'm trying to connect a LTM, running 9.3.1, to a GTM, running 9.4.3. The GTM has a self-generated cert and the LTM has privately generated cert.  
&nbsp; I ran big3d_install and bigip_add on the GTM to update the big3d daemon on the LTM and get the LTM's cert. When I ran iqdump on the GTM to verify the exchange I get the error message: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:844 
&nbsp; Running iqdump on the LTM show the GTM cert. 
&nbsp; The F5 site kb has doc SOL6692 that seems to describe the problem but says the problem was fixed with ver 9.4.2. 
&nbsp;  
&nbsp; Any ideas as to what may be happening here?

deb_allen_18 · Answer

Reading CR67836, it looks like the fix mentioned simply added the Certificate Depth setting, but the default is still 0.  Apparently it needs to be set to a value between 1 and 9. A value of 2 was suggested as a possibly saner default, so I'd start with 2.  
&nbsp;  
&nbsp; I just updated the solution, should be re-published including that detail shortly. 
&nbsp;  
&nbsp; /deb 
&nbsp;  &nbsp;

wesweber_98132 · Answer

I'm searching for CR67836 on the F5 KB and the doc itself isn't coming up. Also, is the depth setting made at the CLI or the Config gui.

jrahm · Answer

It is set in the GUI under System-&gt;General Properties-&gt;General-&gt;Certificate Depth

Forum Discussion

GTM-LTM Not Exchanging Cert

3 Replies

Recent Discussions

F5Access | MacOS Sonoma

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

F5 loadbalancer not working

Related Content

add LTM to GTM

DNS load balancing to backend servers using GTM/LTM.

Exchange 2016

Use Kubernetes Cert-Manager to Maintain Let's Encrypt Certificates

SSL-Cert