For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Albert_Blom_173's avatar
Albert_Blom_173
Icon for Nimbostratus rankNimbostratus
Oct 14, 2014

F5 How to configure Trusted Root certificates ?

Hi, The party I am connecting with on the receiving side is sending back its client certificates WITHOUT the Root CA, because they assume that is already a certificate trused by the F5. Sample: F5 identifies to receiving machine Receiving machine sends back cert chain with X1, X2, X3 where X4 is the missing Root. X4 should be configured already in the F5.

 

Currently we have a chain configured with X1 thru 4 inclusive.

 

Any suggestions ??

 

Many thanks, Albert

 

2 Replies

  • R_Eastman_13667's avatar
    R_Eastman_13667
    Historic F5 Account
    Oct 14, 2014

    Create a certificate bundle with X4, upload it to the F5 and configure it in the SSL client profile.

     

    ---BEGIN CERTIFICATE---

     

    Public key text of x1

     

    ---END CERTIFICATE---

     

    ---BEGIN CERTIFICATE---

     

    Public key text of x2

     

    ---END CERTIFICATE---

     

    ---BEGIN CERTIFICATE---

     

    Public key text of x3

     

    ---END CERTIFICATE---

     

    ---BEGIN CERTIFICATE---

     

    Public key text of x4

     

    ---END CERTIFICATE---

     

    Save as a .crt and upload the certificate bundle to system > file management > ssl certificate list > import. Import as a certificate.

     

    • Albert_Blom_173's avatar
      Albert_Blom_173
      Icon for Nimbostratus rankNimbostratus
      Oct 14, 2014
      Hi, thanks for your quick response. We had create a chain with X1 thru 4, but when client offers only X1 thru 3 F5 cannot match and provides a 517 error.