Forum Discussion

Nimbostratus

Jan 21, 2015

SSL offloading

Hi All, Can you please let me know what is ssl intermediate certificate in f5 ? How to identify this in SSL certificates list. today I come across and issue that I have renewed one SSL certifi...

StephanManthey

Nacreous

Jan 21, 2015

Hi vvskaladhar,

the intermediate CA bundle will be provided by your certificate authority.

In case you are configuring an intermediate CA (has to be imported as certificate (bundle) to TMOS filestore as well) in a client-ssl profile, the intermediate CA certificate will provided along with your server certificate to the client during initial SSL handshake.

Based on the intermediate certificate the client is able to validate the chain of trust to one of the root CAs which are trusted by the browser.

Your server certificate has an information about the issuer (signing CA). This string has to match exactly the common name in the end of chain certificate of your intermediate CA bundle.

If these names do not match, the client can not verify the chain of trust.

With shifting to SHA256 hashed certificates it is very likely your CA has a new signing entity deployed (verify the common names) and this is causing the mismatch.

Thanks, Stephan

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)