For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Jim_24689's avatar
Jim_24689
Icon for Nimbostratus rankNimbostratus
Aug 21, 2013

two way SSL and Trusted Certificate Authorities

Hello -   I understand that when a client presents a certificate that it can be verified as being issued from a trusted CA authority. What I don't know how to do is create the bundle of trusted C...
BIG-IP Access Policy Manager (APM)
deployment
management
security
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Aug 21, 2013

You need the base64 "PEM" versions of the CA certificates. If you open them up in a text editor, they'll start with "===== BEGIN CERTIFICATE =====" and end with "====== END CERTIFICATE =====". The easiest way to get these, at least in Windows, is to first install it and then export it as base64. Once you have all of the CA certificates in base64, simply create a text file and add the text of each to the file, including the BEGIN and END headers/footers. Import this file as your CA bundle in the client SSL profile.

 

Also note that in order to validate a client certificate, you must have all of the CA certificates in the path from the issuer to the root. Example:

 

CA root -> subordinate CA -> issued client certificate

 

Related Content