Forum Discussion

Nimbostratus

Jun 14, 2018

F5 BIG-IP SSLVPN client using machine certs and renewal of the issuing intermediate CA

Hello, We use the F5 BIG-IP SSLVPN client in combination with machine certificates which are handed out by our internal MS PKI. Our internal PKI consists of a root CA and an intermediate CA, the...

BIG-IP Access Policy Manager (APM)

security

AceDawg1

Nimbostratus

Jun 14, 2018

Thanks.

I would modify the CA bundle by adding the entire SSL cert chain (root+intermediate) rather than the lone intermediate cert.

In other words, I would concatenate your CA root and new intermediate cert into one file then add the concatenated file to the existing CA bundle.

Keep in mind that you may have to click [Update] on your client SSL profile even though no changes are being made on that page. I've had issues with SSL forward proxy setups where changes made to a datagroup referenced by the SSL profile weren't being re-read until [update] was executed.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

F5 BIG-IP SSLVPN client using machine certs and renewal of the issuing intermediate CA

F5 Academies Are Back – And We’re Coming to a City Near You

Introducing the F5 Application Study Tool (AST)

Recent Discussions

About F5 idle timeout and keep-alive

Problem with sending BotDefense logs to remote server

OSPF traps on BIG-IP v14

[APM] - How to clear the cached certificate for specific url

Audit Logging on LTM and GTM

Related Content

Intermediate iRules: Data-Groups

Intermediate iRules: Handling Strings

NGINX Virtual Machine Building with cloud-init

Intermediate iRules: Handling Lists

Intermediate iRules: Iteration

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS