Microsoft CA certificate on F5 not using Common Name
Good Morning, We are using F5OS 1.2 with the15.1.6.1-0.0.10.T4 bundle as a tenant. We are generating CA certificates from our local Microsoft CA server and have noticed that the F5 / browser certificate when it comes back does not work as excpected. Anything we put in the Common Name field is ignored and it only looks at the SAN fields. If I put in a shortname or FQDN in Common for tenant, appliance or partition / application SSL certificate the browsers we tried it on just fail repeatedly. If I put either shortname or FQDN in Common for tenant, appliance or partition / application SSL certificate the browsers are happy and show us the happy green lock. Our support staff reports that the Common field works in version 14 but I cannot find a bug report or issue tracking ticket that shows that it might be broken in version 15 of the tenant bundle.
Create Your Own Certificate Authority
Problem this snippet solves: The main goal of this article is to share an easy way to create your own Certificate Authority (CA) for your lab enviroment with APM module. REF - https://github.com/DariuSGB/LabCA This repository is composed by a set of scripts that give you an easy way to: Create your own root CA. Create your own intermediate CA, signed by your root CA. Create your own certs, signed by your intermediate CA or your root CA. Create your own OCSP cert, for using it in your OCSP responder. Create your own CRL cert, for using it directly in your APM. Revoke your certs (remember to refresh your CRL cert after that). Create your own PKCS#12 cert (from regular PEM certs/keys) for installing it in your windows enviroment. Invoke a OCSP responder of your certs enviroment (remember to create a OCSP cert first). How to use this snippet: Download and install your enviroment using these commands: git clone https://github.com/DariuSGB/LabCA.git cd LabCA chmod +x $(ls | grep -v README) Tested this on version: 14.1
Big IP APM EAP-TLS integration
Dear all, I am looking for a way to implement the APM with two factor authentication for different remote clients(Windows, Iphone, Symbian etc). Now I am thinking about deploying a Microsoft Network Policy Server (NPS) for RADIUS authentication and a Certificate Authority(CA) for certificate distribution, because we would like to use EAP-TLS as the authentication protocol. This protocol is more secure than PEAP for example. Anyone experience with this setup? Can anyone share some information or links with information I can use in the designing process? Any help will be appreciated. Thanks, Marvin