i have imported .Pem formate certificate and key with same name

Question

[admin@test:Active] ~  openssl s_client -host 172.20.51.80 -port 8443 -cert /config/ssl/ssl.crt/SSL-Perminent.crt -key /config/ssl/ssl.key/SSL-Perminent.key
Enter PEM pass phrase:
unable to get private key from '/config/ssl/ssl.key/SSL-Perminent.key'
10336:error:0607607D:digital envelope routines:PKCS5_v2_PBE_keyivgen:unsupported prf:p5_crpt2.c:223:
10336:error:06074078:digital envelope routines:EVP_PBE_CipherInit:keygen failure:evp_pbe.c:101:
10336:error:23077073:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 algor cipherinit error:p12_decr.c:83:
10336:error:2306A075:PKCS12 routines:PKCS12_DECRYPT_D2I:pkcs12 pbe crypt error:p12_decr.c:122:
10336:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_pkey.c:122:
10336:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:709:&nbsp;
[admin@test:Active] ~  openssl x509 -in /config/ssl/ssl.crt/SSL-Perminent.crt -modulus -noout | openssl md5
ba6ca75e0994723f46124820bcb2ff73&nbsp;
[admin@test:Active] ~  openssl s_client -host 172.20.51.111 -port 8441
CONNECTED(00000003)
10995:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:596:&nbsp;

mm_f_147944 · Answer

[admin@test:Active] ~  openssl s_client -host 172.20.51.93 -port 8443
CONNECTED(00000003)
11031:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:596:&nbsp;
[admin@test:Active] ~  openssl s_client -host 172.20.51.80 -port 8443
CONNECTED(00000003)
write:errno=104&nbsp;
[admin@test:Active] ~  openssl s_client -host 172.20.51.80 -port 8443 -cert /config/ssl/ssl.crt/SSL-Perminent.crt -key /config/ssl/ssl.key/SSL-Perminent.key
CONNECTED(00000003)
12354:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:601:&nbsp;
[admin@test:Active] ~  openssl s_client -connect 172.20.51.80:8443 -prexit
CONNECTED(00000003)&nbsp;
12422:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:601:
no peer certificate available
No client certificate CA names sent
SSL handshake has read 7 bytes and written 118 bytes
New, (NONE), Cipher is (NONE)
[admin@test:Active] ~ &nbsp;

leonardo_souza · Answer

Can you please provide more information about what you are trying to do?
What software version you are using, and part of the configuration you are doing?&nbsp;

mm_f_147944 · Answer

we want to do SSL on F5 rather then on Server so we have imported Certificate and Key on F5 in .PEM format, my latest comment is the result after successful import , because first time when i imported the key it was showing 0 bits and no errors, after doing last try now key is showing 2048 bits,&nbsp;
now the problem is that i am not able to create HTTPS monitor, if i write VIP:port in the browser i can go to the page of application but partitions are down as HTTPS monitor is not working i tried many times with different GET and receive values, &nbsp;
If you can guide me that what should i ask Application team to provide me to build Health Monitor.&nbsp;

leonardo_souza · Answer

Read these solutions:&nbsp;
https://support.f5.com/csp/article/K2167&nbsp;
https://support.f5.com/csp/article/K12531&nbsp;

mm_f_147944 · Answer

My F5 is using 9.4.5 version 3400 model&nbsp;
On Telnet 172.20.51.80 8443&nbsp;
GET / HTTP/1.1 ENTER following i recieve&nbsp;
&nbsp;

Forum Discussion

i have imported .Pem formate certificate and key with same name

8 Replies

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

Import certificate as pfx format

Creating, Importing and Assigning a CA Certificate Bundle

Format objectGUID attribute from hexadecimal to bindable string (hyphen-separated format)

Re: Management Certificate

X509 Subject Formatting