Forum Discussion

Cirrostratus

Dec 15, 2011

Managing SSL Certificate Bundles

We are about changing SSL vendors, and it appears their root is already in the build-in "ca-bundle". However, their intermediates are not. I wanted to get some feedback on the right way to manage thes...

config

design

smp_86112

Cirrostratus

Dec 16, 2011

Thanks Hamish. We got a certificate from our new vendor. Then I created a new client SSL profile with the cert/key, but left the Chain and Trusted Certificate Authorities values set at None. Finally I applied to a VIP. But when I hit the VIP, the cert validates just fine.

How can that be? I though the LTM presented the certificates in the Chain bundle during the key exchange? Seems like the client doesn't care what the Chain or Trusted Certificate Authorities value is set to in the Client SSL Profile?

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Managing SSL Certificate Bundles

Recent Discussions

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

Switch ssl profile based on weak cipher detection via IRULE

full-proxy HTTP2

Decode ObjectSID from Base64-encode string

Related Content

Re: Management Certificate

Certificate Bundle Timestamp Query

Import ssl certicate bundle through iControl as user with Certificate Manager role

NGINX Management Suite API Connectivity Manager - Modern API driven Applications

Certifications for security professionals

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS