Forum Discussion

deltapez_21676
Jun 04, 2008

Key error importing intermediate certificates

After pasting the BEGIN/END block for an intermediate certificate, I'm getting a key error. Can anyone tell me what the process is for adding intermediate certificates?

I'm attempting to use the import feature on the SSL Certificate screen using the cut and paste option.

Thanks,

D

5 Replies

  • Any chance you can post those instructions here? For some reason I am having problems logging into that site.
  • Here you go:

    SOL6401: Configuring the BIG-IP to use an intermediate or chain certificate with a client SSL profile

    Updated: 4/7/08 11:17 AM

    In order to use the intermediate certificate with BIG-IP version 9.x, you must perform the following two procedures:

    * Import the intermediate certificate to the BIG-IP system
    * Configure an SSL client profile to use the intermediate certificate

    Note: Intermediate certificates or chain certificates are obtained from the vendor of the certificate. For example, the Verisign intermediate certificate is available at the following location:

    http://www.verisign.com/support/verisign-intermediate-ca/index.html.

    The intermediate certificate or chain certificate must be in PEM format.

    The most common Verisign intermediate certificates are as follows:

    * Secure Site certificate, which is available at the following location:

    http://www.verisign.com/support/verisign-intermediate-ca/secure-site-intermediate/index.html

    * Secure Site Pro certificate, which is available at the following location:

    http://www.verisign.com/support/verisign-intermediate-ca/secure-site-pro-intermediate/index.html

     

     

    Importing the intermediate certificate to the BIG-IP system

    To import the intermediate certificate, perform the following procedure:

    1. Log in to the Configuration utility.
    2. Click Local Traffic.
    3. Click SSL Certificates.
    4. Click Import.
    5. Select Certificate from the Import Type menu.
    6. Click the Create New option.
    7. Type intermediate for the Certificate Name.
    8. Click Browse and navigate to select the intermediate certificate or chain certificate to import.
    9. Click Open.
    10. Click Import.

    The intermediate certificate or chain certificate is now imported to the BIG-IP system and is available for use with a client SSL profile.

     

     

    Configuring an SSL client profile to use the intermediate certificate

    Note: F5 Networks normally recommends you create a custom SSL profile instead of modifying the default SSL profile. However, if all certificates on all websites configured on the system use the intermediate certificate, you may consider performing the following procedure on the default SSL profile.

    To configure an SSL client profile to use the intermediate certificate, perform the following procedure:

    1. Log in to the Configuration utility.
    2. Click Local Traffic.
    3. Click Profiles.
    4. Select Client from the SSL menu.
    5. Select the Client SSL profile to configure.
    6. Select Advanced from the Configuration menu.
    7. Select intermediate from the Chain menu.
    8. Click Update.

    Virtual servers that use this client SSL profile will now use the intermediate or chain certificate.

    Aaron
  • Thanks Aaron.

    In case anyone is setting this up with a GoDaddy cert, I used the "Go Daddy Secure Server Certificate (Intermediate Certificate)" which is located at https://certs.godaddy.com/Repository.go and everything worked fine.
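
Added example, not part of the thread or of F5's SOL6401: the quoted article requires the intermediate or chain certificate to be in PEM format, so a pasted BEGIN/END block can be checked for well-formedness before import with a short Python script. The names `check_pem_bundle` and `constructed_sample` are illustrative, and the sample input is constructed placeholder data, not a real certificate or key.

```python
import base64
import binascii
import re

# One PEM block: captures the BEGIN label, the body and the END label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END ([A-Z0-9 ]+)-----",
    re.DOTALL,
)

def check_pem_bundle(text):
    """Return (label, der_length, problem) per PEM block; problem is None if OK."""
    results = []
    for match in PEM_BLOCK.finditer(text):
        begin, body, end = match.groups()
        der, problem = b"", None
        if begin != end:
            problem = "BEGIN/END labels differ"
        elif begin != "CERTIFICATE":
            problem = "not a certificate block"
        else:
            try:
                # validate=True rejects stray characters left by copy and paste
                der = base64.b64decode("".join(body.split()), validate=True)
            except (binascii.Error, ValueError):
                problem = "body is not valid base64"
            else:
                # An X.509 certificate is a DER SEQUENCE, so it starts with 0x30
                if not der.startswith(b"\x30"):
                    problem = "decoded data is not a DER SEQUENCE"
        results.append((begin, len(der), problem))
    return results

def constructed_sample():
    """Constructed input: placeholder DER bytes, not a real certificate or key."""
    fake_der = b"\x30\x82\x01\x00" + bytes(256)
    b64 = base64.encodebytes(fake_der).decode().strip()
    good = f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"
    key = "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n"
    damaged = good.replace(b64[:4], "!!" + b64[:2], 1)  # simulate paste damage
    return good + key + damaged

if __name__ == "__main__":
    for label, size, problem in check_pem_bundle(constructed_sample()):
        print(f"{label}: {size} DER bytes, {problem or 'looks like a PEM certificate'}")
```

A chain file holding several certificates yields one result per block, so the count and order of the blocks can be read off the output as well.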