Forum Discussion

Cirrostratus

Dec 15, 2011

Managing SSL Certificate Bundles

We are about changing SSL vendors, and it appears their root is already in the build-in "ca-bundle". However, their intermediates are not. I wanted to get some feedback on the right way to manage thes...

config

design

hooleylist

Cirrostratus

Dec 19, 2011

Your server cert might already be properly chained with intermediate cert(s) to a root cert in the browser (ie the browser already has the intermediate cert(s) and root cert installed). You can check this by viewing the cert in IE and then clicking on the Certification Path.

I don't think you need to install the root cert in the chain as the client has to have it in order to avoid the unchained (or untrusted) cert error. It doesn't hurt to include the intermediate cert(s) in the bundle for non-standard clients who might not already have it/them installed.

Aaron

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Managing SSL Certificate Bundles

Recent Discussions

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

Switch ssl profile based on weak cipher detection via IRULE

full-proxy HTTP2

Decode ObjectSID from Base64-encode string

Related Content

Re: Management Certificate

Certificate Bundle Timestamp Query

Import ssl certicate bundle through iControl as user with Certificate Manager role

NGINX Management Suite API Connectivity Manager - Modern API driven Applications

Prepare BIG-IP Central Manager for Automation

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS