F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

prost_248659's avatar
prost_248659
Icon for Nimbostratus rankNimbostratus
Apr 05, 2016

SSL cert chain

I have a number of VIPs that are not showing the full SSL chain. they are showing the cert, not the issuing root. Does anyone know how to solve this issue?

 

LTM
security

2 Replies

  • Root44's avatar
    Root44
    Icon for Altostratus rankAltostratus
    Apr 06, 2016

    Please correct me here if I am wrong. Are you looking for root cert or chain certs? If yes, then use WinSCP to login to the f5 LB and go to config -> ssl -> certs. You will find your root and chain certs here. If you mean you are not seeing the root or chain certs in the VIP then add using following command: create ltm profile client-ssl profile_name cert profile_name.crt chain profile_name-chain.crt key profile_name.key passphrase "password" check the already existing profile using following command: list ltm profile client-ssl my_profile

     

    Please let me know if I solved your issue or you are looking for different issue.

     

  • Gary_Zhu's avatar
    Gary_Zhu
    Icon for Nimbostratus rankNimbostratus
    Apr 06, 2016

    If you certificate is issued with one or more intermediate chain certificates, such as below:

      your_cert -->  int_cert1 --> int_cert2 --> root_cert

    Combine int_cert1 and int_cert2 into one file (text file) and import it into LB from "File Management" -> "SSL certificate List".

    On your ssl profile, assuming you go that route, use Configuration -> Advanced, put that newly inserted intermediate certificates to "Chain" field.