Forum Discussion

Andrew_Jones

Nimbostratus

Nov 04, 2021

Trusted Certificate Authorities

Can anyone tell me what in the certificate is being checked when you have "Trusted Certificate Authorities" configured

Nimbostratus

Nov 05, 2021

In PKI the attributes that are used to built the CA chain are:

Preferred method implemented most of the time: AKI/SKI attributes. Authority Key Identifier of the certificate points to the Subject Key Identifier of it's signer -- public key hash values.

Alternative method:: Subject/Issuer attributes. Issuer of the certificate points to the Subject of it's signer -- named values.

Furthermore, validity of a certificate is always checked based on the "valid to" (datetime attribute) and CRL/OCSP checks.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Trusted Certificate Authorities

Recent Discussions

Can you set Kerberos AAA server via session variable?

HTML Code injection Not detected by ASM

What will be happen to live and existing connections when failover HA BIG IP active-standby

SSL Offload and remove FQDN

High CPU utilization (100%).

Related Content

Understanding Server SSL Trusted Certificate Authorities on BIG-IP

Building an OpenSSL Certificate Authority - Creating Your Root Certificate

Building an OpenSSL Certificate Authority - Creating ECC Certificates

Building an OpenSSL Certificate Authority - Creating Your Intermediary Certificate

JWT authorization with NGINX Ingress Controller

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS