
Forum Discussion

Thiyagu_163984
Sep 03, 2015

SSL Intermediate Chain Certificate Installation in LTM

Hello All, I'm working on a task for an SSL Intermediate Chain Certificate Installation in LTM.

 

Can you please guide me through the steps to add an SSL Intermediate Chain Certificate?

 

Regards, Thiyagu

 

6 Replies

  • Thanks Nathan for your reply. Could you please help me to know how to test that the intermediate chain certificate is working properly?

    What testing can we do from the LTM standpoint to confirm that things are working?

    What testing can we do from the client perspective to confirm the installed certificate is working as expected?

    Your quick help would be appreciated.

     

    Regards, Thiyagu

     

    • nathe
      Jason Rahm did a series on SSL. This one is all about chain certs. This should help test: https://devcentral.f5.com/s/articles/ssl-profiles-part-3-certificate-chain-implementation
  • Thanks Nathan. I have one more question related to this. If the SSL certificates in use today are signed by a Certificate Authority (CA) using the SHA-1 algorithm, will using a SHA2 intermediate certificate work for a successful SSL handshake between the client and the server?

    Or

    Do we need a new SSL certificate with the SHA 2 algorithm and an intermediate chain certificate in LTM to make a successful SSL handshake between the client and the server?

     

    Regards, Thiyagu

     

    • Opher_Shachar_6
      It depends on the client's browser. For example, Google Chrome requires the whole chain except the CA to have SHA2 certificates, so it'll reject yours. Internet Explorer, OTOH, will probably accept it.
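
An added example (not code from this thread or from F5): a standard-library Python check that reads the signature algorithm of each certificate in a PEM bundle and lists the SHA-1-signed ones, following the reply's point that every certificate in the chain except the root has to be SHA-2. It assumes the bundle is ordered leaf first with the root omitted; `demo_pem` and `DEMO_BUNDLE` are constructed certificate-shaped samples, not real certificates.

```python
import base64
import re

# Signature-algorithm OIDs that use SHA-1 (RFC 3279).
SHA1_SIG_OIDS = {
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.10045.4.1": "ecdsa-with-SHA1",
}
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def _read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def sig_alg_oid(der):
    """Dotted OID of the outer Certificate.signatureAlgorithm field."""
    _, cert_start, _ = _read_tlv(der, 0)         # Certificate SEQUENCE
    _, _, tbs_end = _read_tlv(der, cert_start)   # skip tbsCertificate
    _, alg_start, _ = _read_tlv(der, tbs_end)    # AlgorithmIdentifier SEQUENCE
    tag, start, end = _read_tlv(der, alg_start)  # algorithm OBJECT IDENTIFIER
    if tag != 0x06:
        raise ValueError("not an X.509 certificate")
    arcs, value = [der[start] // 40, der[start] % 40], 0
    for b in der[start + 1:end]:  # base-128 arcs; high bit = more bytes follow
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def sha1_signed_certs(pem_bundle):
    """[(index, algorithm)] of SHA-1-signed certs; assumes leaf first, root omitted."""
    oids = [sig_alg_oid(base64.b64decode(b)) for b in PEM_RE.findall(pem_bundle)]
    return [(i, SHA1_SIG_OIDS[o]) for i, o in enumerate(oids) if o in SHA1_SIG_OIDS]

def demo_pem(oid_body):
    """Constructed sample: certificate-shaped DER skeleton, not a real certificate."""
    alg = b"\x30" + bytes([len(oid_body) + 4, 0x06, len(oid_body)]) + oid_body + b"\x05\x00"
    body = b"\x30\x81\xc8" + bytes(200) + alg + b"\x03\x01\x00"  # TBS, alg, signature
    der = b"\x30\x81" + bytes([len(body)]) + body
    return f"-----BEGIN CERTIFICATE-----\n{base64.b64encode(der).decode()}\n-----END CERTIFICATE-----\n"

# Constructed bundle: SHA-1 leaf, then a SHA-2 intermediate (the case asked about).
DEMO_BUNDLE = (demo_pem(bytes.fromhex("2a864886f70d010105"))     # sha1WithRSAEncryption
               + demo_pem(bytes.fromhex("2a864886f70d01010b")))  # sha256WithRSAEncryption
```

On the constructed bundle the function returns `[(0, 'sha1WithRSAEncryption')]`: the SHA-2 intermediate does not change the algorithm the leaf itself was signed with. To check a real deployment, pass it the text of the certificate file followed by the chain file.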