Forum Discussion
CirrusAdvertised Certificate Authorities
Hi!
My certificate issuer issue certificates from his rootca to 2 intermidates certficates that issue certificates to users .
RootCA Intermidiate1 cert
RootCA Intermidiate2 cert
My ssl client profile is configured to use Intermidiate1 as Advertised Certificate Authorities How can I configure an ssl client profile to use 2 Advertised Certificate Authorities to support both chains in the same VS? (Intermidiate1+Intermidiate2)
Thanks,
Aviv Hassidim
2 Replies
theCookEmployee
You'll want to create a custom bundle and apply that to the client ssl profile. This solution article discusses doing that with certificates that have already been imported:
https://support.f5.com/kb/en-us/solutions/public/13000/300/sol13302custom
You can also do this in the GUI if you have the certificates in the proper format (PEM). To do this, select "import" under File Management -> SSL Certificates List. Set import type to Certificate and select the "paste text" radio button. You can then paste the two certificates in one right after the other (single carriage return, no white space). After you've imported it make sure to click on your custom bundle from the SSL Certificates List screen to verify both are there and the certificate properties are what you expect.
- Aviv
Thanks it works. first i have convert the 2 intermidate cer files to pem format
openssl x509 -inform der -in intermidiate1.cer -out intermidiate1.pem
openssl x509 -inform der -in intermidiate2.cer -out intermidiate2.pem
then in the GUI select "import" under File Management -> SSL Certificates List. Set import type to Certificate and select the "paste text" radio button. then in the ssl client profile>under Advertised Certificate Authorities >> choose the new bundle certificate.
Thanks to theCook!!
