Forum Discussion
smp_86112
Dec 15, 2011Cirrostratus
Managing SSL Certificate Bundles
We are about changing SSL vendors, and it appears their root is already in the build-in "ca-bundle". However, their intermediates are not. I wanted to get some feedback on the right way to manage thes...
You were right, both the Root and the Intermediate certificates were in my browser. It is not clear to me whether I should include the Root certificate in the custom bundle, or just the Intermediate. So I tried to break the handshake by removing the root and intermediate from my browser (tried both IE and FF), and setting the Chain value in the Client SSL Profile to None. But when I make a connection, I don't get any error, and both the intermediate and root certificates are added automatically to my browser.
WTH? How do I break this chain? Both IE and FF want to trust both of the certificates.
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects