F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

wallst32_178793's avatar
wallst32_178793
Icon for Nimbostratus rankNimbostratus
Jan 06, 2016

SSL profile client configuration

I installed a new SSL certificate on an F5 LTM, and created a new SSL client profile for it via the web GUI. I decided to use TMSH (ltm profile client-ssl profile-name) to compare the configuration ...
application delivery
BIG-IP
LTM
wallst32_178793's avatar
wallst32_178793
Icon for Nimbostratus rankNimbostratus
Jan 07, 2016

We are running TMOS version 11.6. I believe the cert/keypair is selected correctly. The items were selected from the drop downs, and the ADD button was clicked which puts the entry in the GUI "box". Also, those should be the settings responsible for creating the "cert-key-chain" block shown in the config.

 

  • Amine_Kadimi's avatar
    Amine_Kadimi
    Icon for MVP rankMVP
    Jan 07, 2016
    This is weird. What happens if you associate your created profile with a https VS and then open a browser to that VS and display the certificate from the browser, did you see the default F5 cert or yours?
  • wallst32_178793's avatar
    wallst32_178793
    Icon for Nimbostratus rankNimbostratus
    Jan 07, 2016
    The correct certificate loads in a browser in both cases; when the SSL Profile contains the "chain" and when it does not. When the "chain" is not included, I used third party "SSL checkers" to confirm the chain validation. That is why I stated in my other comment I wasn't really sure if these additional settings are required. The chain bundle is already specified in the SSL profile (Client Authentication - Trusted Certificate Authorities).