SSL cert chain

Question

I have a number of VIPs that are not showing the full SSL chain. they are showing the cert, not the issuing root. Does anyone know how to solve this issue?&nbsp;

root44 · Answer

Please correct me here if I am wrong. Are you looking for root cert or chain certs? If yes, then use WinSCP to login to the f5 LB and go to config -&gt; ssl -&gt; certs. You will find your root and chain certs here.
If you mean you are not seeing the root or chain certs in the VIP then add using following command:
create ltm profile client-ssl profile_name cert profile_name.crt chain profile_name-chain.crt key profile_name.key passphrase "password"
check the already existing profile using following command:
list ltm profile client-ssl my_profile&nbsp;

Please let me know if I solved your issue or you are looking for different issue.&nbsp;

gary_zhu · Answer

If you certificate is issued with one or more intermediate chain certificates, such as below:
  your_cert --&gt;  int_cert1 --&gt; int_cert2 --&gt; root_cert

Combine int_cert1 and int_cert2 into one file (text file) and import it into LB from "File Management" -&gt; "SSL certificate List".
On your ssl profile, assuming you go that route, use Configuration -&gt; Advanced, put that newly inserted intermediate certificates to "Chain" field.

Forum Discussion

SSL cert chain

2 Replies

Recent Discussions

Geo Fence in ASM through irule for URI

Chrome V 124+ on MacOS - Virtual Server Access Issue

google-visualization-issues

The best load balance method on this scenario?

SMS server with BIGIP

Related Content

Use F5 Distributed Cloud to service chain WAAP and CDN

SSL-Cert

SSL Cert expiration Tracker

SSL Profiles Part 3: Certificate Chain Implementation

LTM HA Pair SSL Certs