Implementing SSL Orchestrator - Certificate Considerations

Introduction This article is part of a series on implementing BIG-IP SSL Orchestrator. It includes high availability and central management with BIG-IQ. Implementing SSL/TLS Decryption is not a tri...
Published Jan 09, 2020
Version 1.0
BIG-IP
certificate
csr
decryption
private key
security
series-big-ip-ssl-orchestrator
SSL Orchestrator
dragonflymr's avatar
dragonflymr
Icon for Cirrostratus rankCirrostratus
Jan 28, 2020

Hi Kevin,

Again with some questions :-) When signing CSR (for example using MS CA) is that not required to use template that is used for signing sub CA certs, so Key Usage includes those: Digital Signature, Certificate Signing, Off-line CRL Signing, CRL Signing (86) and Basic Constraints: Subject Type=CA

or it's not required and standard Web Server template can be used - means this is enough:

Enhanced Key Usage: Server Authentication

Key Usage: Digital Signature, Key Encipherment (a0)

No Basic Constraints

 

Piotr