For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Jim_24689's avatar
Jim_24689
Icon for Nimbostratus rankNimbostratus
Aug 21, 2013

two way SSL and Trusted Certificate Authorities

Hello -   I understand that when a client presents a certificate that it can be verified as being issued from a trusted CA authority. What I don't know how to do is create the bundle of trusted C...
BIG-IP Access Policy Manager (APM)
deployment
management
security
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Aug 22, 2013

Just to be clear, we're talking about the CA certs. You'll never have a copy of the private key, just the public certificate. If you open that cert up with a text editor, you'll either see gobbledeegook - which would be the "DER" binary-encoded format, or PEM - which will start with "===== BEGIN CERTIFICATE =====" and contain several lines of ASCII characters. This is the format you need. Take this text, plus the PEM-formatted text of all of the other CAs, and put that into a single text file. Example:

===== BEGIN CERTIFICATE =====
dhduejdushsudhsksjsjssnsjdnd
JsjdjdnjssjshavggbajHaukagHa
...
===== END CERTIFICATE =====
===== BEGIN CERTIFICATE =====
dhduejdushsudhsksjsjssnsjdnd
JsjdjdnjssjshavggbajHaukagHa
...
===== END CERTIFICATE =====

This will be your CA bundle file.

Related Content