Dec 15, 2011

Managing SSL Certificate Bundles

We are about to change SSL vendors, and it appears their root is already in the built-in "ca-bundle". However, their intermediates are not. I wanted to get some feedback on the right way to manage these certs from the admin GUI, as the dialog box labels and help are not very clear.



What I was thinking is that I would add the intermediate certificates to a new bundle that I create. Then in the New Client SSL Profile dialog box, I would leave the "Trusted Certificate Authorities" value at its default ca-bundle, but change the "Chain" value to the new bundle I created containing the custom intermediates.



Is that how this is supposed to be managed? Should I be concerned about ca-bundle or my custom intermediate bundle being overwritten during an upgrade?

