Michael_A__Fied
Aug 02, 2010Nimbostratus
Using the Server SSL Profile with an intermediary CA
I have a distinct feeling that I am overlooking something straightforward and simple.
We are attempting to secure our back-end web traffic, and have set up the following:
- ClientSSL profile "ServiceName" issued by RootCA
- ServerSSL profile "TrustRootCA" is "defaults from serverssl", and the CA certificate "ca file rootca.crt"
- Virtual Server has profile "ServiceName" and "TrustRootCA" attached to it.
This is pretty striaghtforward, and typically works when the TargetNode (apache) has a certificate issued from RootCA as well.
Where it seems to break is when the TargetNode has an Apache ssl profile issued by IntermediaryCA
- IntermediaryCA has been issued a CA cert from RootCA
- TargetNode has cert from IntermediaryCA
Attempting to connect to the Virtual Server provides the following:
This is driving me up the wall.