Forum Discussion

Cirrocumulus

Apr 12, 2011

Client SSL Profile Chain

Hello all, Scenario: BIP-IP version 9.4.4. New VS, x.x.x.x:443. SSL termination on f5 using Client SSL profile. I created a self signed SSL certificate on the f5 and this was issued by our o...

config

design

Hamish

Cirrocumulus

Apr 12, 2011

A chain certificate (Or chain list) is only alink between the site certificate being presented, and a trusted certificate in your browser... Presenting the same cert as site and chain simply means nothing more than just presenting the cert itself. You still don't have a chain of trust to follow.

To have a SS cert trusted, you have to install the SS cert into the CA cert list of a browser. WHich is a pain if you have a lot of them. Other options are to generate a local CA cert and install that as a CA cert in your browsers, and then use that to sign the certs you're generating... But that means you have to run a CA repository... And that means extra security, management etc...

YMMV whether it's worth it or not.

Forum Discussion

Client SSL Profile Chain

Recent Discussions

What is the meaning is 52% block in WAF

Rundeck ansible F5 errors

rewrite Azure AD response for portal access via web portal

AS3 Monitoring multiple ports selectively

Open Redirection Mitigation

Related Content

Use F5 Distributed Cloud to service chain WAAP and CDN

SSL Profiles Part 3: Certificate Chain Implementation

Client SSL Profile

Curse the Rusty OSS supply chain - September 10th to 16th, 2023 - F5 SIRT - This Week in Security

Project Chain Links: Introduction