Forum Discussion

Nimbostratus

Jun 07, 2012

SSL Client Auth

I'm having trouble getting SSL Client Authentication to work, I've never done it before. The customer wants partners to obtain their own SSL certs from whatever authority they choose, then have the r...

config

design

Jake_39981

Nimbostratus

Jun 13, 2012

Sorry, didn't see this till your recent post. I did this same thing last year. Your cat statement doesn't combine the root and intermediary certs. It only takes the root cert and creates a bundle cert with only the root cert in it. You need to include both root and intermdiary certs to create the bundle, so it'd look like:

cat /config/ssl/ssl.crt/intermediate.crt /config/ssl/ssl.crt/godaddy-root.crt > /config/ssl/ssl.crt/godaddy-bundle.crt

Set trusted authority back to ca-bundle

Set advertised authority back to 'none' (this only advertises your list of trusted auths to clients, not necessary and reduces security)

Set "CHAIN" to your new bundle - this is where your bundle is referenced.

Cheers!

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

SSL Client Auth

Recent Discussions

self-directed requests fail because of no certificate

Decode ObjectSID from Base64-encode string

iRule - Url rewrite and header replace and pool selection not working

ip x-forwarding

F5 ASM API-Protection Policy

Related Content

Client Auth Using HTTP Cookie

Client ssl certification bulk installation

SOCKS5 SSL Persistence

Enhance your Application Security using Client-side signals – Part 2

Integrating SSL Orchestrator with Symantec ProxySG: Transparent Proxy

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS