2 way ssl not working with open ssl generated certificates
Jan 1 19:13:56 bigip1 warning tmm[11040]: 01260006:4: Peer cert verify error: certificate is not yet valid (depth 0; cert /C=IN/ST=KTK/O=Chase/OU=IT/CN=testing141)
Jan 1 19:13:56 bigip1 warning tmm[11040]: 01260009:4: Connection error: ssl_shim_vfycerterr:4530: certificate is not yet valid (45)
Jan 1 19:13:56 bigip1 info tmm[11040]: 01260013:6: SSL Handshake failed for TCP 192.168.166.1:39596 -> 192.168.166.20:443
Jan 1 19:13:57 bigip1 warning tmm[11040]: 01260006:4: Peer cert verify error: certificate is not yet valid (depth 0; cert /C=IN/ST=KTK/O=Chase/OU=IT/CN=testing141)
Jan 1 19:13:57 bigip1 warning tmm[11040]: 01260009:4: Connection error: ssl_shim_vfycerterr:4530: certificate is not yet valid (45)
Jan 1 19:13:57 bigip1 info tmm[11040]: 01260013:6: SSL Handshake failed for TCP 192.168.166.1:39598 -> 192.168.166.20:443
The problem is Connection error: ssl_shim_vfycerterr:4530: certificate is not yet valid
If you are seeing this then it's likely the time on your BIG-IP needs to be synchronised.
Set a DNS server
System -> Configuration -> Device -> DNS add 8.8.8.8
Set an NTP Server
System -> Configuration -> Device -> NTP add pool.ntp.org
If the time does not update within a minute, check you can reach your DNS server. From the command line:
ping 8.8.8.8
If the system has never been synced before then run the following...
service ntpd stop
ntpdate pool.ntp.org
service ntpd start
This will force time to sync no matter the time difference.
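Added example (not part of the original thread): a shell check that compares a certificate's validity window with a clock reading, to confirm that "certificate is not yet valid" comes from clock skew and not from a future-dated certificate. The function names, the sample dates and the clock readings are constructed for illustration, and GNU date is assumed.

```shell
#!/bin/bash
# Input format is what `openssl x509 -noout -dates -in <cert>` prints.
# Constructed sample: a client certificate issued on a machine with a correct clock.
SAMPLE_DATES='notBefore=Mar 10 09:00:00 2024 GMT
notAfter=Mar 10 09:00:00 2025 GMT'
# Constructed sample: a device clock that is running one day behind.
SAMPLE_CLOCK='Mar  9 09:00:00 2024 GMT'

# to_epoch "<date string>" -> seconds since the epoch (GNU date assumed)
to_epoch() { date -u -d "$1" +%s; }

# check_window "<dates output>" "<clock reading>"
# Prints: not-yet-valid:<seconds until notBefore>
#         expired:<seconds since notAfter>
#         valid
check_window() {
    local dates="$1" clock="$2" nb na now
    nb=$(printf '%s\n' "$dates" | sed -n 's/^notBefore=//p')
    na=$(printf '%s\n' "$dates" | sed -n 's/^notAfter=//p')
    if [ -z "$nb" ] || [ -z "$na" ]; then
        echo "parse-error"
        return 2
    fi
    nb=$(to_epoch "$nb") || return 2
    na=$(to_epoch "$na") || return 2
    now=$(to_epoch "$clock") || return 2
    if [ "$now" -lt "$nb" ]; then
        # The verifier's clock is behind the certificate's start time.
        echo "not-yet-valid:$((nb - now))"
    elif [ "$now" -gt "$na" ]; then
        echo "expired:$((now - na))"
    else
        echo "valid"
    fi
}

# On the device itself (client.crt is a placeholder file name):
#   check_window "$(openssl x509 -noout -dates -in client.crt)" \
#                "$(date -u '+%Y-%m-%d %H:%M:%S UTC')"
check_window "$SAMPLE_DATES" "$SAMPLE_CLOCK"
```

A small not-yet-valid figure that shrinks as time passes points at the verifying device's clock; once NTP has synced, the same certificate should report valid.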