Implementing SSL Orchestrator - Certificate Considerations
Introduction This article is part of a series on implementing BIG-IP SSL Orchestrator. It includes high availability and central management with BIG-IQ. Implementing SSL/TLS Decryption is not a tri...
Published Jan 09, 2020
Version 1.0KevinGallaugher
Employee
Joined November 15, 2019
KevinGallaugher
Employee
Joined November 15, 2019
dragonflymr
Jan 28, 2020Cirrostratus
Hi Kevin,
Again with some questions :-) When signing CSR (for example using MS CA) is that not required to use template that is used for signing sub CA certs, so Key Usage includes those: Digital Signature, Certificate Signing, Off-line CRL Signing, CRL Signing (86) and Basic Constraints: Subject Type=CA
or it's not required and standard Web Server template can be used - means this is enough:
Enhanced Key Usage: Server Authentication
Key Usage: Digital Signature, Key Encipherment (a0)
No Basic Constraints
Piotr