Creating Client SSL Profile using Certs from a new CA

Question

I've uploaded some new certs with their keys and created Client SSL profiles for them to put on some load balancing virtual servers.
These new certs were issued by a brand new CA.

The old SSL Profiles nothing in their chain - just cert & key issued by OldOrgName.
The new SSL Profiles don't work.

Where on the F5 do I tell the F5 about the new CA?

Or is it entirely up to the Client to know how trust the new Certs in the new Client SSL Profiles when they connect to the VS?

injeyan_kostas · Answer

when you say don't work you mean that you got a warning or not work at all?&nbsp;Client needs to trust this CA.does it?

zamroni777 · Answer

test using "curl -vk https://vip:port/....."
it will show details of ssl session setup

matthewjc · Answer

Thanks guys, I was so wrapped up in the "new CA" side of things, expecting trust issues or whatever that I failed to check the newly issued certs properly.....it was just a SAN that was left off them.

Forum Discussion

Creating Client SSL Profile using Certs from a new CA

3 Replies

Welcome! a la Communidad DevCentral LATAM de F5!

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

Recent Discussions

SSH forward proxy

Replacing i2800 pair with new F5-BIG-AFM-r2800

F5 CIS -> NGINX Plus Ingress Controller Integration

Can I use F5 Big-IP WAF as HoneyPot

Entra ID F5 APM MDM Intune integration compliance check

Related Content

SSL Profiles Part 8: Client Authentication

AS3 - Create multiple client ssl profiles to a single virtual server.

Client SSL Profile

Create a DevCentral account

Client vs Server SSL profile

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS