Forum Discussion
Josh_Abaire
Jun 07, 2012 (Nimbostratus)
SSL Client Auth
I'm having trouble getting SSL Client Authentication to work; I've never done it before. The customer wants partners to obtain their own SSL certs from whatever authority they choose, then have the root and trust chain installed on the F5. A GoDaddy Root and Intermediate cert were provided to me. I wasn't sure how to make multiple certs trusted, so I imported them separately with one named bundle and then combined them:
cat /config/ssl/ssl.crt/godaddy-root.crt >> /config/ssl/ssl.crt/godaddy-bundle.crt
Configured the client SSL profile to require client certs with the godaddy-bundle as trusted authority and advertised authority. As you may guess, it didn't work. This is new territory for me. Can someone explain how the client cert is to be trusted and what I did wrong?
- Josh_Abaire (Nimbostratus): Did I stump the entire community? Is what I'm trying to do even possible?
- Jake_39981 (Nimbostratus): Sorry, didn't see this till your recent post. I did this same thing last year. Your cat statement doesn't combine the root and intermediary certs. It only takes the root cert and creates a bundle cert with only the root cert in it. You need to include both root and intermediary certs to create the bundle, so it'd look like:
- Josh_Abaire (Nimbostratus): Thanks for the reply!
- Jake_39981 (Nimbostratus): You could set it for both if only those authorities will be connecting to you. Otherwise, I'd set trusted cert auths to ca-bundle, the default. As long as the chain is set to your bundle, it should work for you. Let me know how it goes.
- Josh_Abaire (Nimbostratus): Everything is working now. Thanks.
- nitass (Employee): Have you seen these codeshares?
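
A check worth running on any trust bundle built by concatenation, as with the `cat ... >>` command in the original post: confirm that every certificate's PEM markers sit on their own lines, since appending to a file that lacks a trailing newline fuses the END and BEGIN markers. This is an added example, not code from the thread or from F5; the function names, file names and PEM bodies are constructed placeholders.

```shell
#!/bin/sh
# Added example: file names and PEM bodies are constructed placeholders,
# not real certificates.
BEGIN_MARK='-----BEGIN CERTIFICATE-----'
END_MARK='-----END CERTIFICATE-----'

# Count certificates whose BEGIN and END markers each occupy a whole line.
# A fused line ("-----END CERTIFICATE----------BEGIN CERTIFICATE-----")
# matches neither pattern, so a short count exposes a broken join.
pem_count() {
    b=$(grep -c -x -F -e "$BEGIN_MARK" "$1" || true)
    e=$(grep -c -x -F -e "$END_MARK" "$1" || true)
    if [ "$b" -eq "$e" ]; then echo "$b"; else echo "malformed"; fi
}

# Append SRC to BUNDLE, first adding a newline if the bundle's last byte
# is not one, so markers are never fused. Usage: pem_append SRC BUNDLE
pem_append() {
    if [ -s "$2" ] && [ -n "$(tail -c 1 "$2")" ]; then
        printf '\n' >> "$2"
    fi
    cat "$1" >> "$2"
}

demo() {
    dir=$(mktemp -d)
    # Constructed intermediate with NO trailing newline; root has one.
    printf '%s\nAAAA\n%s' "$BEGIN_MARK" "$END_MARK" > "$dir/intermediate.crt"
    printf '%s\nBBBB\n%s\n' "$BEGIN_MARK" "$END_MARK" > "$dir/root.crt"

    # Plain concatenation, in the style of the command in the post.
    cp "$dir/intermediate.crt" "$dir/naive-bundle.crt"
    cat "$dir/root.crt" >> "$dir/naive-bundle.crt"

    # Newline-safe build of the same two-certificate bundle.
    : > "$dir/safe-bundle.crt"
    pem_append "$dir/intermediate.crt" "$dir/safe-bundle.crt"
    pem_append "$dir/root.crt" "$dir/safe-bundle.crt"

    echo "naive=$(pem_count "$dir/naive-bundle.crt") safe=$(pem_count "$dir/safe-bundle.crt")"
    rm -rf "$dir"
}

demo
```

Once the count matches the number of CA certificates expected, `openssl verify -CAfile` with the bundle and a partner's client certificate confirms that the certificate chains to it.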