F5 BIG-IP SSLVPN client using machine certs and renewal of the issuing intermediate CA
Hello,
We use the F5 BIG-IP SSLVPN client in combination with machine certificates which are handed out by our internal MS PKI. Our internal PKI consists of a root CA and an intermediate CA; the machine certificates are signed by the intermediate CA. The machine certificates get verified in a "Machine Cert Auth" action/step of the access policy by means of a "CA Profile" which points to a certificate bundle containing our current root CA and intermediate CA certificate.
We would like to issue and start using a new intermediate CA but are unsure if it's possible to just add this new intermediate CA's certificate to the bundle and that way be able to verify machine certs issued by the old and the new intermediate CA at the same time using the same CA profile?
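
The scenario in the question (one trust bundle holding the root plus both the old and the new intermediate), reproduced offline with OpenSSL as an added example that is not part of the original post. It shows generic X.509 chain validation against a bundle and makes no claim about BIG-IP's own implementation; every CA name, host name and file name below is constructed for the lab.

```shell
#!/bin/sh
# Constructed lab PKI: every name, subject and file below is made up for this example.

issue() {  # issue <name> <CN> <issuer name> <extension section> <serial>
  openssl req -config lab.cnf -newkey rsa:2048 -nodes -keyout "$1.key" \
    -out "$1.csr" -subj "/CN=$2" 2>/dev/null &&
  openssl x509 -req -in "$1.csr" -CA "$3.pem" -CAkey "$3.key" -set_serial "$5" \
    -extfile lab.cnf -extensions "$4" -days 30 -out "$1.pem" 2>/dev/null
}

build_lab() {  # build_lab <dir>: root, old + new intermediate, one machine cert from each
  ( cd "$1" || exit 1
    cat > lab.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_machine]
basicConstraints = CA:FALSE
extendedKeyUsage = clientAuth
EOF
    openssl req -x509 -config lab.cnf -extensions v3_ca -newkey rsa:2048 -nodes \
      -keyout root.key -out root.pem -subj "/CN=Lab Root CA" -days 30 2>/dev/null &&
    issue int_old "Lab Intermediate CA 1" root v3_ca 2 &&
    issue int_new "Lab Intermediate CA 2" root v3_ca 3 &&
    issue machine_old "host-a.lab.example" int_old v3_machine 4 &&
    issue machine_new "host-b.lab.example" int_new v3_machine 5 &&
    cat root.pem int_old.pem > bundle_current.pem &&
    cat root.pem int_old.pem int_new.pem > bundle_both.pem )
}

verifies() {  # verifies <bundle> <cert>: status 0 if the cert chains to a CA in the bundle
  openssl verify -no-CApath -CAfile "$1" -purpose sslclient "$2" >/dev/null 2>&1
}

report() {  # report <dir>: print the verification matrix for both bundles
  for b in bundle_current bundle_both; do
    for c in machine_old machine_new; do
      if verifies "$1/$b.pem" "$1/$c.pem"; then r=OK; else r=FAIL; fi
      echo "$b  $c  $r"
    done
  done
}

lab=$(mktemp -d) && build_lab "$lab" && report "$lab"
rm -rf "$lab"
```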