Forum Discussion

Aviv's avatar
Aviv
Icon for Cirrus rankCirrus
Jan 18, 2016

Advertised Certificate Authorities

Hi!

 

My certificate issuer issue certificates from his rootca to 2 intermidates certficates that issue certificates to users .

 

RootCA Intermidiate1 cert

 

RootCA Intermidiate2 cert

 

My ssl client profile is configured to use Intermidiate1 as Advertised Certificate Authorities How can I configure an ssl client profile to use 2 Advertised Certificate Authorities to support both chains in the same VS? (Intermidiate1+Intermidiate2)

 

Thanks,

 

Aviv Hassidim

 

2 Replies

  • You'll want to create a custom bundle and apply that to the client ssl profile. This solution article discusses doing that with certificates that have already been imported:

     

    https://support.f5.com/kb/en-us/solutions/public/13000/300/sol13302custom

     

    You can also do this in the GUI if you have the certificates in the proper format (PEM). To do this, select "import" under File Management -> SSL Certificates List. Set import type to Certificate and select the "paste text" radio button. You can then paste the two certificates in one right after the other (single carriage return, no white space). After you've imported it make sure to click on your custom bundle from the SSL Certificates List screen to verify both are there and the certificate properties are what you expect.

     

  • Thanks it works. first i have convert the 2 intermidate cer files to pem format

     

    openssl x509 -inform der -in intermidiate1.cer -out intermidiate1.pem

     

    openssl x509 -inform der -in intermidiate2.cer -out intermidiate2.pem

     

    then in the GUI select "import" under File Management -> SSL Certificates List. Set import type to Certificate and select the "paste text" radio button. then in the ssl client profile>under Advertised Certificate Authorities >> choose the new bundle certificate.

     

    Thanks to theCook!!