Rosieodonell_16
Apr 10, 2015

Help needed with Chain Bundle - Machine Cert

Hi everyone,

I am having the same issues as this F5 user:

https://devcentral.f5.com/questions/ca-profiles-and-machine-cert-checks

It looks like he created a CA bundle and it fixed his issue. I am just wondering if I am going in the right direction to create my own CA bundle:

cat /config/filestore/files_d/Common_d/certificate_d/:Common:Corp_Root_crt <(echo -e \r) /config/filestore/files_d/Common_d/certificate_d/:Common:Corp_Issue_Int1 <(echo -e \r) /config/filestore/files_d/Common_d/certificate_d/:Common:Corp_Issue_Int2 > /var/tmp/Corp_chain.crt

So basically I have the root listed first and then the two intermediates... just wondering if this is correct?

3 Replies

  • I think yes. I prefer to export and open the contents of all the certificates (base 64 crt) in a text editor, join them and then paste the result to create a certificate. That way the type of certificate is a bundle and I do not fumble with the shell command.
  • So basically I have the root listed first and then the two intermediates... just wondering if this is correct?

    I normally place the intermediate first and then the root certificate.

    4. Create a chain certificate file named chain.crt by typing the following command:
    
    cat intermediateCA_1.crt intermediateCA_2.crt rootCA.crt > chain.crt
    
    Note: Including the root CA certificate in the bundle is optional and does not affect its functionality.
    

    sol6401: Configuring the BIG-IP to use an SSL chain certificate (9.x - 10.x)

    https://support.f5.com/kb/en-us/solutions/public/6000/400/sol6401.html

  • I did what you said and it worked. Thank you for the answer. I am sure the command line would work as well but this was much easier. Cheers!
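
An added example, not from any of the posters or from F5: a shell check for a bundle assembled with cat as in the thread, flagging a missing newline between files and stray text between PEM blocks. The function names check_bundle and list_chain and the sample file contents are assumptions made for illustration; list_chain needs the openssl CLI.

```shell
# check_bundle FILE: structural check of a concatenated PEM bundle.
# Prints one line per finding, then "certificates: N"; returns 0 only if clean.
check_bundle() {
  awk '
    { sub(/\r$/, "") }                      # tolerate CRLF line endings
    /-----END CERTIFICATE-----.*-----BEGIN CERTIFICATE-----/ {
      # cat joined two files and the first had no final newline
      printf "line %d: END and BEGIN fused (missing newline between files)\n", NR
      bad = 1; next
    }
    $0 == "-----BEGIN CERTIFICATE-----" {
      if (inside) { printf "line %d: BEGIN inside an open block\n", NR; bad = 1 }
      inside = 1; next
    }
    $0 == "-----END CERTIFICATE-----" {
      if (inside) count++
      else { printf "line %d: END without BEGIN\n", NR; bad = 1 }
      inside = 0; next
    }
    inside && $0 !~ /^[A-Za-z0-9+\/=]+$/ {
      printf "line %d: non-base64 data inside a block\n", NR; bad = 1; next
    }
    !inside && $0 !~ /^[ \t]*$/ {
      # e.g. a separator written between files; flagged so the bundle stays clean
      printf "line %d: stray text between blocks: %s\n", NR, $0; bad = 1
    }
    END {
      if (inside) { print "end of file: block never closed"; bad = 1 }
      printf "certificates: %d\n", count
      exit bad + 0
    }
  ' "$1"
}

# list_chain FILE: subject and issuer of each certificate, in file order,
# to confirm the intermediate/root ordering (needs the openssl CLI).
list_chain() {
  openssl crl2pkcs7 -nocrl -certfile "$1" | openssl pkcs7 -print_certs -noout
}

# Constructed demo: placeholder base64 bodies, not real certificates.
# int1.crt has no final newline, so plain cat fuses it with root.crt.
demo=$(mktemp -d)
{ printf '%s\n' '-----BEGIN CERTIFICATE-----' 'QUJD'
  printf '%s' '-----END CERTIFICATE-----'; } > "$demo/int1.crt"
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'REVG' \
  '-----END CERTIFICATE-----' > "$demo/root.crt"
cat "$demo/int1.crt" "$demo/root.crt" > "$demo/chain.crt"
check_bundle "$demo/chain.crt" || echo "bundle needs fixing"
```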