Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Icon for MVP rank

MVP

Re: Pull all trusted root and intermediate certificate to single bundle

Maybe you can automate using Ansible Tower and quite a bit of Python magic. Otherwise, manual process as far as I know.

2 Replies

yadgayan
Cirrus
Jul 26, 2023
I can use 2 workers (bash scripts) to update a single CA file based on trusted CA parties that IRD provided. (I never tried but just an idea). I can use the below list to pull the certificates
All intermediate list
https://ccadb.my.salesforce-sites.com/mozilla/PublicAllIntermediateCerts
All Root list
https://curl.se/docs/caextract.html

But I'm seeking any other easy way to do it?
- whisperer
  MVP
  Jul 26, 2023
  Interesting, there is a certificate bundle management:
  https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-ssl-administration-13-1-0/3.html
  Check out this excerpt;
  "In the Include URLs field, type the URL where remote CA bundles reside, and click Add to include that for generating the new CA bundle.
  Only HTTPS URLs are allowed in the Include URLsfields"

Jonathan - March 2026 Featured Member

DevCentral News

featured member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

DevCentral News

2026 F5 DevCentral MVP Announcement

DevCentral News

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5