Forum Discussion

tiwang's avatar
tiwang
Icon for Nimbostratus rankNimbostratus
Oct 24, 2014

certificate check fails ?

Hi out there

 

We have defined a new certificate infrastructure and are now testing it. It is a PKI with MS 2008R2 servers. When I try to logon to the F5 I get a error - session.ssl.cert.valid is 7 - and I can't find any reference on what "7" Means - can some help me?

 

Oct 24 12:06:34 hsp-gbh-f5 notice apd[10731]: 01490113:5: 95ecbb57: session.ssl.cert.end is Oct 19 12:23:29 2019 GMT Oct 24 12:06:34 hsp-gbh-f5 notice apd[10731]: 01490113:5: 95ecbb57: session.ssl.cert.exist is 1 Oct 24 12:06:34 hsp-gbh-f5 notice apd[10731]: 01490113:5: 95ecbb57: session.ssl.cert.issuer is CN=xxxxxx (removed) Oct 24 12:06:34 hsp-gbh-f5 notice apd[10731]: 01490113:5: 95ecbb57: session.ssl.cert.serial is xxxxx (removed) Oct 24 12:06:34 hsp-gbh-f5 notice apd[10731]: 01490113:5: 95ecbb57: session.ssl.cert.start is Oct 20 12:23:29 2014 GMT

 

best regards /ti

 

APM
application delivery
LTM
security

4 Replies

Sort By
  • tiwang's avatar
    tiwang
    Icon for Nimbostratus rankNimbostratus
    Oct 27, 2014

    hi again OK - the RSASSA-PSS signature-algorhytm isn't supported under 11.3 yet - does this also mean that f.ex the Root CA with chain - which has issued the server certificate - isn't valid even though it is imported without errors? I am not sure where in the certificate validation process these "objects" are used.

     

  • kunjan's avatar
    kunjan
    Icon for Nimbostratus rankNimbostratus
    Oct 27, 2014

    Isn't that failure is for client cert validation? So import time no validation of that, rite

     

    openssl verify -purpose sslclient -CAfile CA.crt client.crt

     

  • kunjan's avatar
    kunjan
    Icon for Nimbostratus rankNimbostratus
    Oct 27, 2014

    Isn't that failure is for client cert validation? So import time no validation of that, rite

     

    openssl verify -purpose sslclient -CAfile CA.crt client.crt