Forum Discussion

nicolas_67135's avatar
Icon for Nimbostratus rankNimbostratus
Nov 05, 2010

SSL profile in relation to client cert

Hi Everybody,




Here my issue :


We have 2 clients with different certificates which are authenticated by two different root CA. But those 2 clients have to connect to the same SSL VS on the F5..



So, to do this, we activate the SSL client profile but we can put only one "Trusted Certificate Authorities" :-/



So I try to perform this authentication from irule but i couldn't manage..



You can find my irule on the file attached to this thread. My problem is CLIENT_ACCEPTED is loaded before CLIENTSSL_CLIENTCERT. And i can use SSL::profile only with the CLIENT_ACCEPTED Event ....



Someone can help me to do what I want ? Is it possible ?



Thank you for your help !









2 Replies

  • Hi Nicolas,



    Can you try cat'ing to the two CA certs together on the command line and then specify that combined bundle as the Trusted Cert Authority in the client SSL profile?



  • Hi Nicolas,



    You can combine two files on the LTM command line using cat:



    cat /config/ssl/ssl.crt/ca1.crt /config/ssl/ssl.crt/ca2.crt > /config/ssl/ssl.crt/ca1_ca2_combined.crt