Forum Discussion

jmanya_44531's avatar
jmanya_44531
Icon for Nimbostratus rankNimbostratus
Feb 14, 2017

clientssl profile with ECC certificate needs RSA Certificate

Hello guys,   Hope you could support me in the following matther.   I have already purchased an ECC wildcard certificate and I wanted to attach it to a virtual server in my BIG IP 4200 LTM box ...
application delivery
ecc
LTM
rsa
wildcard
Kevin_K_51432's avatar
Kevin_K_51432
Historic F5 Account

Greetings, It looks like at least one RSA cert & key is required. You could try preferring ECC, instead of only using (as above) with:

 

ECDH_ECDSA:DEFAULT

 

I would assume BIG-IP bases which cert / key to use based on the client's preference in the initial handshake.

 

Kevin

 

jmanya_44531's avatar
jmanya_44531
Icon for Nimbostratus rankNimbostratus
Mar 08, 2017

Hi Kevin, thanks a lot for your answer.

 

You said "I would assume BIG-IP bases which cert / key to use based on the client's preference in the initial handshake." Since RSA has been widely used in the industry, it is supposed that the client's preference will be to use the RSA certificate instead of the ECC one. So, how could I force the usage of the ECC no matter the preferences of the browser. I have tried installing the ECC in a Apache and it works fine, but LTM needs an RSA+ECC which makes my deployment more difficult.

 

Thanks in advance.

 

Regards

 

Jorge