Forum Discussion
CirrusHelp needed with Chain Bundle - Machine Cert
Hi everyone,
I am having the same issues as this F5 user:
https://devcentral.f5.com/questions/ca-profiles-and-machine-cert-checks
It looks like he created a CA bundle and it fixed his issue. I am just wondering if I going in the right direction to create my own ca bundle
cat /config/filestore/files_d/Common_d/certificate_d/:Common:Corp_Root_crt <(echo -e \r) /config/filestore/files_d/Common_d/certificate_d/:Common:Corp_Issue_Int1 <(echo -e \r) /config/filestore/files_d/Common_d/certificate_d/:Common:Corp_Issue_Int2 > /var/tmp/Corp_chain.crt
So basically i have the roo listed first and then the two intermediates.... just wondering if this is correct?
3 Replies
cjuniorNacreous
I think yes. I prefer to export and open the contents of all the certificates (base 64 crt) in a text editor, join it and then paste it to create a certificate. So the type of certificate is a bundle and I not fumble me in the shell command. []- nitass
Employee
So basically i have the roo listed first and then the two intermediates.... just wondering if this is correct?
i normally place intermediate first and then root certificate.
4.Create a chain certificate file named chain.crt by typing the following command: cat intermediateCA_1.crt intermediateCA_2.crt rootCA.crt > chain.crt Note: Including the root CA certificate in the bundle is optional and does not affect its functionality.sol6401: Configuring the BIG-IP to use an SSL chain certificate (9.x - 10.x)
https://support.f5.com/kb/en-us/solutions/public/6000/400/sol6401.html
Rosieodonell_16I did what you said and it worked thank you for the answer. I am sure the command line would work as well but this was much easier. Cheers!
