Forum Discussion

Nimbostratus

Apr 24, 2015

F5 dual-certificate deployment to fix SHA-1 Deprecate issue

Hi From this information SHA-1 Deprecate >> link from qualys My customer sha-1 certificate is mark as insecure already. (He using APM and certificate expire on 2018) If we renew certi...

BIG-IP Access Policy Manager (APM)

Employee

May 03, 2015

So I need to add new certificate/key pair which use SHA256 in Key exchange mechanism into Client SSL profile.

And change cipher suit to ex. DEFAULT:SHA256 , something like that, Am I right?

you have to create another key pair which is not rsa (because current one is rsa) such as ecdsa, then get its csr signed by ca. add them to clientssl profile and adjust cipher string if needed (i.e. some cipher suite uses rsa certificate with sha1 and some uses ecdsa certificate with sha256).

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

F5 dual-certificate deployment to fix SHA-1 Deprecate issue

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Where are F5's archived deployment guides?

F5 BIG-IP deployment with OpenShift - per-application 2-tier deployments

F5 Distributed Cloud - Customer Edge Site - Deployment & Routing Options

Automating F5 NGINX Instance Manager Deployments on VMWare

F5 and NetApp partnership for Large Language Model AI deployments

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS