Forum Discussion

SP_266134's avatar
SP_266134
Icon for Nimbostratus rankNimbostratus
Mar 25, 2018

SSL Cert verification by https://www.ssllabs.com gets B grade

SSL cert verification says : 1) The server's Diffie-Hellman parameter is too small. Non-compliant with NIST, HIPAA and PCI DSS How do I fix this. Any recomendations. The Diffie-Hellman parameter's size is only 1024 bits . A longer one must be generated to prevent Logjam vulnerability. 2) This server's certificate chain is incomplete. How do i fix this in F5 LTM . I am using SSL termination Client side. Any pointer is appreicated. 3) I am using default Cipher on F5 client sll profile. The server supports cipher suites that are not approved by NIST guidelines and HIPAA guidance.

 

application delivery
BIG-IP
LTM

8 Replies

  • RaghavendraSY's avatar
    RaghavendraSY
    Icon for Altostratus rankAltostratus
    Mar 25, 2018

    Please update intermediate certificate too and then verify the status and you can also disable weaker ciphers in ssl client profile. Which version you are running in f5?

     

    • SP_266134's avatar
      SP_266134
      Icon for Nimbostratus rankNimbostratus
      Mar 25, 2018

      I am not sure where to get the is intermediate certificate. Where do i need to import the intermediate certificate. I am using f5 13.0 VE.

       

    • Chase_Abbott's avatar
      Chase_Abbott
      Icon for Admin rankAdmin
      Mar 26, 2018

      Intermediate Certificates and Root Certificates are provided by your certificate authority (CA).

       

  • RaghavendraSY_7's avatar
    RaghavendraSY_7
    Icon for Cumulonimbus rankCumulonimbus
    Mar 25, 2018

    Please update intermediate certificate too and then verify the status and you can also disable weaker ciphers in ssl client profile. Which version you are running in f5?

     

    • SP_266134's avatar
      SP_266134
      Icon for Nimbostratus rankNimbostratus
      Mar 25, 2018

      I am not sure where to get the is intermediate certificate. Where do i need to import the intermediate certificate. I am using f5 13.0 VE.

       

    • Chase_Abbott's avatar
      Chase_Abbott
      Icon for Admin rankAdmin
      Mar 26, 2018

      Intermediate Certificates and Root Certificates are provided by your certificate authority (CA).

       

  • RaghavendraSY's avatar
    RaghavendraSY
    Icon for Altostratus rankAltostratus
    Mar 25, 2018

    When you receive certificates from third-party vendor they provide 4 certificates. 1. Website certificate 2. Trusted certificate authority v5 3. usertrustAdd certificate 4. Add trust certificate

     

    You can bundle Addtrust and user trust certificate as intermediate and then import as intermediate certificate and then call in SSL client profile.

     

  • RaghavendraSY's avatar
    RaghavendraSY
    Icon for Altostratus rankAltostratus
    Mar 25, 2018

    When you receive certificates from third-party vendor they provide 4 certificates. 1. Website certificate 2. Trusted certificate authority v5 3. usertrustAdd certificate 4. Add trust certificate

     

    You can bundle Addtrust and user trust certificate as intermediate and then import as intermediate certificate and then call in SSL client profile.