Forum Discussion
Amit_V_Chavan_1
Nimbostratus
Sep 23, 2013
Difference between Root Cert, Intermediate Cert and SSL Cert
Hello everyone,
Can anyone please help me with the difference between Root Cert, Intermediate Cert and SSL Cert?
Muhammad_Irfan1
Cirrus
Nov 09, 2014
Please help me out, all of you experts. I have configured a client-side SSL profile and uploaded the certificate, and also put the CA bundle of all certificates up to the root in Trusted Certificate Authorities. The problem I am having is that the SSL secure handshake still fails, and OpenSSL shows that there is a self-signed certificate in the chain, which is the root certificate. How do I tell F5 that the root certificate will always be self-signed and to ignore it? I did all the needful in the browser. Please help.
StephanManthey
Nacreous
Nov 09, 2014
Hi Muhammad,
it will be necessary to add the intermediate CA / intermediate CA chain to the client-ssl profile. During the handshake the client will now receive the server certificate and all certificates in the single cert or bundle chain as specified above. This way the client can verify the chain of trust from the server certificate up to a root CA he trusts.
If you request / require a client certificate it will be necessary to validate the chain of trust up to the root CA which validates the client certificate. As there may also be intermediate CAs involved it will be necessary to verify the full chain as well.
But for this part the virtual server has to trust a root CA and needs to know which intermediate CAs are involved.
This is a bundle you want to configure in the context of "client authentication" of your client-ssl profile.
A nice tool to monitor the certificate exchange is ssldump as provided on the BIG-IP:
ssldump -AdenN -i any host (your_client_ip)
Using the command above may help you to troubleshoot the issue.
Thanks, Stephan
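The three certificate roles asked about in this thread, and the effect of sending or omitting the intermediate, shown as an added example (not part of the thread and not F5 code). It builds a throwaway lab PKI with the openssl command-line tool, which is assumed to be installed; every file name and CN is constructed.

```shell
#!/usr/bin/env bash
# Added example: throwaway lab PKI with constructed names; nothing here is from the thread.
set -eu

issue() {  # issue NAME CN EXTFILE [SIGNER]: new key + CSR, signed by SIGNER or self-signed
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" -keyout "$1.key" -out "$1.csr" 2>/dev/null
  if [ -n "${4:-}" ]; then
    openssl x509 -req -in "$1.csr" -CA "$4.crt" -CAkey "$4.key" -CAcreateserial \
      -extfile "$3" -days 30 -out "$1.crt" 2>/dev/null
  else
    openssl x509 -req -in "$1.csr" -signkey "$1.key" -extfile "$3" -days 30 -out "$1.crt" 2>/dev/null
  fi
}

role() {  # classify a certificate from its own fields: CA flag, and subject vs issuer
  local subj iss
  subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
  iss=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
  if openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'; then
    if [ "$subj" = "$iss" ]; then echo root; else echo intermediate; fi
  else
    echo server
  fi
}

verify_result() {  # verify_result LEAF [openssl verify options]: prints OK or "error <number>"
  local leaf=$1 out; shift
  out=$(openssl verify "$@" "$leaf" 2>&1 || true)
  case $out in
    *"error "*) echo "$out" | sed -n 's/.*error \([0-9][0-9]*\) at.*/error \1/p' | head -n1 ;;
    *) echo OK ;;
  esac
}

LAB=$(mktemp -d) && cd "$LAB"
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext
printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:www.lab.example\n' > leaf.ext
issue root   "Lab Root CA"         ca.ext          # self-signed: subject == issuer
issue inter  "Lab Intermediate CA" ca.ext   root   # CA certificate signed by the root
issue server "www.lab.example"     leaf.ext inter  # the "SSL cert", signed by the intermediate
cat inter.crt root.crt > chain.pem                 # bundle a server might send

for c in root inter server; do echo "$c.crt is a $(role "$c.crt") certificate"; done
echo "root trusted, intermediate sent:    $(verify_result server.crt -CAfile root.crt -untrusted inter.crt)"
echo "root trusted, intermediate missing: $(verify_result server.crt -CAfile root.crt)"
echo "root sent but not trusted:          $(verify_result server.crt -untrusted chain.pem)"
```

In OpenSSL, error 20 is "unable to get local issuer certificate" and error 19 is "self-signed certificate in certificate chain"; the latter is reported when the root arrives in the chain but is not in the verifier's own trust store.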
