Forum Discussion

Cirrostratus

Dec 15, 2011

Managing SSL Certificate Bundles

We are about changing SSL vendors, and it appears their root is already in the build-in "ca-bundle". However, their intermediates are not. I wanted to get some feedback on the right way to manage thes...

config

design

hooleylist

Cirrostratus

Dec 19, 2011

Hi SMP,

I think that's about right. One thing to be aware of is that if you've already completed the SSL handshake, the browser and TMM will store the session ID in their cache and reuse it. So it's possible that after you changed your cert settings on the client and/or server, your browser would have resumed an existing session and you wouldn't see the expected failure. To avoid this scenario, you can clear the client SSL cache and/or TMM's cache. It's less impacting to do this on the client than TMM.

Aaron

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Managing SSL Certificate Bundles

Recent Discussions

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

Switch ssl profile based on weak cipher detection via IRULE

full-proxy HTTP2

Decode ObjectSID from Base64-encode string

Related Content

Re: Management Certificate

Certificate Bundle Timestamp Query

Import ssl certicate bundle through iControl as user with Certificate Manager role

NGINX Management Suite API Connectivity Manager - Modern API driven Applications

Certifications for security professionals

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS