Forum Discussion

Cirrostratus

Dec 15, 2011

Managing SSL Certificate Bundles

We are about changing SSL vendors, and it appears their root is already in the build-in "ca-bundle". However, their intermediates are not. I wanted to get some feedback on the right way to manage thes...

config

design

Hamish

Cirrocumulus

Dec 19, 2011

Oh... On an earlier question. You never include the root cert. it just wouldnt add any information.

Because the trust of a site cert is a chain, the chain needs to lead to a cert somewherevthat the browser does trust. Including the root in the chain presented by the server is redundent. Because if the client doesnt have it already, it wont trust the chain anyway. And if it does have the root, you dont need to include it...

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Managing SSL Certificate Bundles

Recent Discussions

MAC address of deleted VS IP address still responsive

Different common name ssl acces 403 forbiddent

dynamic signature detection

DNS HM Probe issue

F5 looses the token for the first call

Related Content

Re: Management Certificate

Certificate Bundle Timestamp Query

Import ssl certicate bundle through iControl as user with Certificate Manager role

NGINX Management Suite API Connectivity Manager - Modern API driven Applications

Certifications for security professionals

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS