Forum Discussion

Nimbostratus

Dec 27, 2010

Device certificate from intermediate CA

Hi! I would like to add a trusted device certificate to our LTM and use it for the management interface. We have our own CA that we issue certificates from, which is an intermediate CA...

config

design

StephanManthey

MVP

Mar 27, 2017

Hi,

here is a way to get it done in TMOS v11+.

Copy the chain file (single intermediate CA file or bundle in PEM format) as

intermediate_ca.crt

to the

/config/httpd/conf/ssl.crt/

directory and set permissions, i.e.:

chmod 0644 /config/httpd/conf/ssl.crt/intermediate_ca.crt

Now declare it to be used as chain file to be delivered along with the device certificate during the initial handshake and restart the WebUI:

tmsh modify / sys httpd ssl-certchainfile /etc/httpd/conf/ssl.crt/intermediate_ca.crt
bigstart restart httpd

Thanks, Stephan

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Device certificate from intermediate CA

Recent Discussions

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

Switch ssl profile based on weak cipher detection via IRULE

full-proxy HTTP2

Decode ObjectSID from Base64-encode string

Related Content

unsupported certificate error with device certificates

Intermediate iRules: Data-Groups

Intermediate iRules: Handling Lists

Intermediate iRules: Iteration

Intermediate iRules: catch

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS