For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Brian_Kenworthy's avatar
Brian_Kenworthy
Icon for Nimbostratus rankNimbostratus
Jul 22, 2009

Add root CA to ca-bundle?

Hi all,     VeriSign has started signing certificates with a new intermediate root CA for their PKI customers - VeriSign Class 3 Secure Server CA - G2. I do not see this certificate in the...
config
design
hc_andy_35682's avatar
hc_andy_35682
Icon for Nimbostratus rankNimbostratus
Sep 12, 2011
Hi All,

 

 

Two quick questions in relation to adding the intermediate CA bundle to the F5?

 

 

I've followed the instructions for sol6401 but am a bit lost at the part where they go:

 

 

cat intermediateCA_1.crt intermediateCA_2.crt rootCA.crt > chain.crt

 

 

1/ What do I use for the rootCA.crt? I don't see this file in /config/ssl/ssl.crt ??

 

 

2/ The rootCA is suppose to be optional, so I've tried it without using the rootCA but when I run that against the site's crt, I get this error:

 

 

[root] ssl.crt openssl verify -purpose sslserver -CAfile chain.crt mysite.crt

 

mysite.crt: /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5

 

error 2 at 2 depth lookup:unable to get issuer certificate

 

 

Does that error message mean anything? I found some other forums where some users just ignored this error and their site still functioned ok.

 

 

Help please...

 

 

Thanks.

 

 

Andy