Forum Discussion

Nimbostratus

Jun 14, 2018

F5 BIG-IP SSLVPN client using machine certs and renewal of the issuing intermediate CA

Hello, We use the F5 BIG-IP SSLVPN client in combination with machine certificates which are handed out by our internal MS PKI. Our internal PKI consists of a root CA and an intermediate CA, the...

BIG-IP Access Policy Manager (APM)

security

bylie

Nimbostratus

Jun 14, 2018

A snapshot of the relevant APM VPE flow and the properties of the Machine Cert Auth check:

The CA profile currently points to a certificate bundle consisting of our root CA and current intermediate CA. As stated in the opening post we would like to know if it's possible to add a new intermediate CA to this bundle to accomplish simultaneous verification of machine certs issued by our current intermediate CA and future machine certs issued by a new intermediate CA?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

F5 BIG-IP SSLVPN client using machine certs and renewal of the issuing intermediate CA

F5 Academies Are Back – And We’re Coming to a City Near You

Introducing the F5 Application Study Tool (AST)

Recent Discussions

[APM] - How to clear the cached certificate for specific url

Problem with sending BotDefense logs to remote server

Audit Logging on LTM and GTM

Change Content-Type from application/octet-stream to multipart/form-data

What dose "Accept" do in BIG-IP ASM event logs

Related Content

Intermediate iRules: Data-Groups

Intermediate iRules: Handling Strings

NGINX Virtual Machine Building with cloud-init

Intermediate iRules: Handling Lists

Intermediate iRules: Iteration

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS