ca-bundle update

Question

I have a problem with updating my SSL ca-bundle :/ 
&nbsp; I'm running LTM 9.4.6 and until today the default ca-bundle took care of all certs for SSL offloading, but I lately got a certificate by VeriSign - Class 3 Extended Validation SSL SGC CA. 
&nbsp; I was under the impresion that ca-bundle should already posses ca cert but I got a 'chain broken' error. 
&nbsp;  
&nbsp; As advised I'm adding two first: http://www.verisign.com/support/verisign-intermediate-ca/extended-validation-pro/index.html to ca-bundle by SSH by pasting it (SOL6118). I can see that ca-bundle is adding those certs to the ca-bundle by viewing using GUI, but I still get a message about broken chain every time I'm viewing HTTPS :/ 
&nbsp;  
&nbsp; I tried to deleting certs for ca-bundle, doing the same with HTTPS cert/key but nothing works. 
&nbsp; Is there somthigng that I need to update to enable new ca-bundle content or F5s should pick it up on it own? 
&nbsp;  
&nbsp; Any idea what can be wrong with it? 
&nbsp;

lipos_54863 · Answer

Solved:  
&nbsp;  
&nbsp; SOL6401: Configuring the BIG-IP to use an intermediate or chain certificate with a clientssl profile 
&nbsp; https://support.f5.com/kb/en-us/solutions/public/6000/400/sol6401.html 
&nbsp;  
&nbsp; SOL10167: Overview of the ClientSSL profile 
&nbsp; https://support.f5.com/kb/en-us/solutions/public/10000/100/sol10167.html

Forum Discussion

ca-bundle update

Recent Discussions

AS3 Limitations

Unable to install firmware OS and drop at 10%

Statistics ›› Analytics : HTTP : Overview

How to Renew F5 Device Certificate

F5 ASM CEF Sending Logs in Specific TimeZone

Related Content

Creating, Importing and Assigning a CA Certificate Bundle

Using bash and tmsh to make bulk updates

Updating SSL Certificates on BIG-IP using REST API

Upcoming Action Required: F5 NGINX Plus R33 Release and Licensing Update

Auditing Security Policy Updates

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS