02-Mar-2023 09:59
A programmer has asked if it is possible to install an intermediate SSL certificate on a single server behind an F5. Whatever programmatic tool he is using cannot validate the full chain, thus the need for the intermediate SSL certificate installation on this server.
I've searched and found documents on SSL certificate installation but nothing on the intermediate certificate installation using the F5.
Any response would be greatly appreciated.
Robert
02-Mar-2023 11:30
@Bullrdrnm This seems like a server administration question rather than an F5 question. At face value they can import any CA certificates into the server CA store that they would like but should absolutely be validated with the server administrators before he does it.
04-Mar-2023 22:41
HI @Bullrdrnm ,
you Can extract the intermediate Certificate from the ( server / domain ) Certificate itself , and you can upload it to your Bigip in the same way of uploading any certificate and Key.
After importing it in your appliance , you can add it in clientssl profile which you are using and put it in the chain field.
if you need to extract the intermediate certificate , Follow the below Article :
https://support.solarwinds.com/SuccessCenter/s/article/How-to-extract-the-Root-and-intermediate-cert...
If you need to install it in Bigip Follow the below Articles :
https://my.f5.com/manage/s/article/K13302
https://www.digicert.com/kb/ssl-support/f5-big-ip.htm
if this doesn't meet your needs , you can explain more your deployment , to be able to help you.