reCAPTCHA v2 and BIG-IP 13.0

Question

Hi all,
After upgrading from v12 to v13 we've lost reCAPTCHA support for our network access.
We have created new CAPTCHA keys at google and new CAPTCHA-V2 profile with all settings left default.
For a test, we have run network access wizard with all default settings and added new CAPTCHA to it via access policy editor, error still remains the same.
Error that user receive is:
Data provided for authentication is not valid. Please try again.

and here's error we can see in session access report:
Unexpected result while verifying CAPTCHA (/Common/CAPTCHA-V2): Couldn't perform CAPTCHA validation: Peer certificate cannot be authenticated with given CA certificates, proceeding with policy: 0

david_martin · Answer

Hi Filip,&nbsp;
We have the same issue here after upgrading from v12.1.2 to v13.1.&nbsp;
It seems that google site is sending in his chain of certificates a root CA for Geotrust that was signed by "Equifax Secure Certificate Authority" but it is not sending the CA cert.&nbsp;
Looking into my box ca store /config/ssl/ssl.crt/ca-bundle.crt I can see "Equifax Secure Certificate Authority" was removed on the ca-bundle in v13.1 (it expires on August 2018).&nbsp;
I have fixed the issue by manually adding this root CA cert to the trusted store. In my lab this is the process&nbsp;
no reboot require to fix the issue.&nbsp;
Hope it helps on your issue too.&nbsp;
Best Regards
David Martín&nbsp;

ivan_129704 · Answer

Hello friends,&nbsp;
After updating the ca-bundle against f5 through the Bundle Manager List, the missing certificate has been loaded, and it works.&nbsp;
A greeting&nbsp;

chau_tran · Answer

Finally, I found the solution for my issue. You can follow the instruction to update Cert Bundle

https://support.f5.com/csp/article/K60612439#:~:text=To%20update%20the%20default%20CA,Select%20Update.

Forum Discussion

reCAPTCHA v2 and BIG-IP 13.0

3 Replies

Recent Discussions

Transaction looks successful but file not downloading

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

F5 loadbalancer not working

Related Content

Re: Get Started with BIG-IP Virtual Edition (VE), BIG-IQ VE or BIG-IP Cloud Edition Trial

Google reCAPTCHA v2 challenge iRule, integration with BIG-IP virtual server

Quick Optimizations for F5 BIG-IP Virtual Edition

Google reCAPTCHA Challenge iRule

Getting Started with BIG-IP Next: Upgrading Central Manager