Forum Discussion

acurry583's avatar
acurry583
Icon for Altocumulus rankAltocumulus
Sep 06, 2018

Intermediate and certificate checks in BIG-IP LTM

Is there a functionality in the newer code for LTM that checks the Intermediate Certificate Chain and whether it checks the compatibility to a certificate? I know the newer code checks the certificat...
certificate chain
LTM
security
ssl
youssef1's avatar
youssef1
Icon for Cumulonimbus rankCumulonimbus
Sep 07, 2018

Hi,

 

In fact now when you built your Client SSL Profile, F5 check that certificate and key matching. And it warn you with this following message:

 

01070317:3: profile /Common/test's key and certificate do not match.

 

but unfortunately F5 does not allow for the moment to control that the chain is valid. so if you put an invalid Chain, F5 does not indicate any error. You have to check it manuallay (SSLlabs, openssl or check in GUI).

 

K20381201: Verifying a new CA signed SSL certificate

 

Check using openssl or your browser

 

Check Online using a site web

 

You can also verify your configuration using GUI. Check that how issued your certificate then validate that the chain contained issuer...

 

let me know if you need more details.

 

regards