need SSL but don't need security alert

If the certificate is not issued by a certificate authority that the client's browser has stored as a root certificate, the browser will generate the untrusted certificate alert. You could either install a root certificate on every browser that will connect to the virtual server, get a valid certificate authority issued certificate or live with the browser security alert.

 

 

Many cert authorities offer a cheap certificate service. Godaddy is one of the cheapest that is recognized by all major browsers (http://www.whichssl.com/comparisons/low.html).

 

 

Aaron

Hi Aaron,

 

 

Thanks for reply. Actually we already got the SSL Certificate through CA and deployed in F5. Now the client don't need to get notification of security alert while client needs ssl in their website URL for security purpose.

 

I want to do all the changes from F5 side only. So is there any iRule or function in F5 to disable the notification of Security Alert but https should be attached in this URL.

 

 

Thanks

If you have a CA signed cert, you should be able to configure the client SSL profile to send the client an intermediate cert which chains the site's cert to the root cert in the client's browser.

 

 

What is the exact error the client sees?

 

 

Aaron

Hi Aaron,

 

Clients not getting any error. Actually they don't want to get popup (or notification) everytime of Security Alert when they open the URL.

 

Then what is the text of the "popup (or notification) of Security Alert"?

 

 

Aaron

Is there any function so that URL will open through https but didn't get any security alert (or notification). Please fine the attached file manetioned which notification i am talking about that..

 

Actually Like the Windows machine we can add the certificate so next time when we open the page we will not get any notification. Similar like that i want to configure in F5.

It looks like the security alert is indicating the certificate authority for the SSL certificate is not one which the client's browser has installed as a root certificate. So you'll need to configure LTM to send the intermediate certificate in the client SSL profile. See the following solutions for details on configuring this:

 

 

SOL6401: Configuring the BIG-IP to use an intermediate or chain certificate with a clientssl profile

 

https://support.f5.com/kb/en-us/solutions/public/6000/400/sol6401.html

 

 

SOL10167: Overview of the ClientSSL profile

 

https://support.f5.com/kb/en-us/solutions/public/10000/100/sol10167.html

 

 

Aaron

 

Hi aaron,

 

 

Thanks for this. Its really useful for us.

 

 

Regards

 

Ashish