Client SSL authentication with mutlipe trusted CAs and CRLs

Question

Hello,&nbsp;
we are using a client SSL profile with client authentication enabled. Now I need to add a second trusted CA and CRL. I created a second SSL profile with the new CA/CRL and tried to add it to the virtual server, but I receive following error: Virtual server xyz has more than one clientssl/serverssl profile with same server name.
What would be the best way to accomplish this?
Thanks in advance!&nbsp;

boneyard · Answer

combine both CA certificates into one certificate bundle (just copy paste the base64 info into one file / text field)&nbsp;
for CRL it is more complicated you will have to merge those, which probably will require some scripting.&nbsp;
btw: similar question with some options was asked here: https://devcentral.f5.com/questions/crl-verification-in-irule&nbsp;
in the end you might consider setting up two virtual servers with different hostnames, will make your life easier for sure :)&nbsp;

Forum Discussion

Client SSL authentication with mutlipe trusted CAs and CRLs

Recent Discussions

Application only need to access from 2 uris

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

AS3 Limitations

Unable to install firmware OS and drop at 10%

Statistics ›› Analytics : HTTP : Overview

Related Content

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

Trust your CDN, but not completely

Doing mTLS Authentication per URL

Exploring the Zero Trust Models of AWS, Microsoft, and Google

iControl REST Authentication Token Management

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS