prost_248659
Apr 05, 2016Nimbostratus
SSL cert chain
I have a number of VIPs that are not showing the full SSL chain. they are showing the cert, not the issuing root. Does anyone know how to solve this issue?
I have a number of VIPs that are not showing the full SSL chain. they are showing the cert, not the issuing root. Does anyone know how to solve this issue?
Please correct me here if I am wrong. Are you looking for root cert or chain certs? If yes, then use WinSCP to login to the f5 LB and go to config -> ssl -> certs. You will find your root and chain certs here. If you mean you are not seeing the root or chain certs in the VIP then add using following command: create ltm profile client-ssl profile_name cert profile_name.crt chain profile_name-chain.crt key profile_name.key passphrase "password" check the already existing profile using following command: list ltm profile client-ssl my_profile
Please let me know if I solved your issue or you are looking for different issue.
If you certificate is issued with one or more intermediate chain certificates, such as below:
your_cert --> int_cert1 --> int_cert2 --> root_cert
Combine int_cert1 and int_cert2 into one file (text file) and import it into LB from "File Management" -> "SSL certificate List".
On your ssl profile, assuming you go that route, use Configuration -> Advanced, put that newly inserted intermediate certificates to "Chain" field.