Forum Discussion
NimbostratusCA Certificate Authorities DST ACES CA X6 - DigiNotar expired
Greetings Luigi,
It may be easier to simply download the most recent CA bundle and associate that with the client SSL profile. If you navigate to downloads, look for "Certificate-Authority-Bundle":
https://downloads.f5.com/esd/productlines.jsp
Alternatively, you can try the workaround in the article you mentioned: K15847.
Hope this is helpful!
Kevin
luigi_brosHi Kevin,
I have done everything in a test Virtual-F5 environment but I can see that there is no way to delete the original ca-bundle and neither is possible to be ovewritten by the new one. Having a look at configuration "scf" exported I can see that they are referenced by some natively Application Templates.
As a result I have no other choices than leaving the original "ca-bundle" in the big-ip and getting from time to time email alerts saying the a certificate in the original "ca-bundle" is going to expire.
Am I wrong?
Had I better give up and ignore this or there is a way to put everything in order?
Thank you. luigi_bros
Hi Luigi,
The ca-bundle.crt shouldn't take up much disk space, can you leave it on the BIG-IP and reference the newly imported one? Just give it a different name when you import it:
ca-bundle-2017.crt
If you've configured email alerts, you can stop them with the following:
https://support.f5.com/csp/article/K36641730
Hope this is helpful!
Kevin
