Forum Discussion

Nimbostratus

15 years ago

SSl chain issue

I recently renewed a certificate on my pair of 1600s, running 9.4.7. The cert shows up as valid for another year and from most logins all is fine. For external customers however, there is an...

config

design

hoolio

Cirrostratus

15 years ago

You shouldn't specify a key when importing an intermediate or root cert that you're going to use as a chain cert. You should only specify the key for the cert which you are using in the cert and key fields of the client SSL profile.

I'd start with a new client SSL profile. Specify the portal.city.ac.uk.crt and portal.city.ac.uk.key in the cert and key fields. Then in the Chain field, specify the chain cert that you created using 'cat Intermediate.crt portal.city.ac.uk.crt ca-bundle.crt > chain.crt'.

Aaron

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

SSl chain issue

AppWorld Berlin iRules Contest!

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

Recent Discussions

Changes to DO and AS3 GitHub - no longer monitored

SSL Forward Proxy, iRules and Client Hello

monitor/healthcheck issue with envoy gateway

Recommendation for Adv. Lab

How to Verify config before loading to F5

Related Content

Post-Quantum Cryptography, OpenSSH, & s1ngularity supply chain attack

SSL Profiles Part 3: Certificate Chain Implementation

Use F5 Distributed Cloud to service chain WAAP and CDN

Knowledge sharing: Troubleshooting/investigating SSL and HTTP issues

APM Cookbook: SAML IdP Chaining

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS