Forum Discussion
hooleylist
Dec 16, 2008 Cirrostratus
I think you can concatenate multiple CA certificates in a bundle and configure the client SSL profile to use the cert bundle as the trusted client CAs option. Here is a snippet from the 9.3 config guide:
https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip9_3config/BIG_IP_LTM_9_3_Config_Guide-10-1.html
Specifying trusted client CAs
For client-side SSL processing, you can configure an SSL profile to verify certificates presented by a client or a server. Using the Trusted Certificate Authorities setting, you can specify a client trusted CAs file name, which the BIG-IP system then uses to verify client or server certificates. If you do not configure a trusted CAs file, the profile uses a default file.
The trusted CAs file that you specify for certificate verification contains one or more certificates, in Privacy Enhanced Mail (PEM) format. Built manually, this file contains a list of the client or server certificates that the SSL profile will trust. If you do not specify a trusted CAs file, or the specified trusted CAs file is not accessible to the BIG-IP system, the system uses the default file name.
You'll probably want to configure the same cert bundle in the 'Advertised Certificate Authorities' section as well.
Aaron
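
One way to build the concatenated PEM bundle described in the post above, as an added example that is not part of the original post or of F5's documentation. The names `armor` and `build_ca_bundle` are hypothetical, the sample inputs are constructed placeholders, and the code checks only PEM armor and base64, not X.509 content, so it assumes the inputs are CA certificates you have already vetted.

```python
import base64
import hashlib
import re

# One PEM block of any type; the label is captured so that non-certificate
# blocks (private keys in particular) are never copied into the bundle.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)

def armor(der):
    """Wrap DER bytes in certificate PEM armor with 64-character lines."""
    b64 = base64.b64encode(der).decode("ascii")
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(rows)
            + "\n-----END CERTIFICATE-----\n")

def build_ca_bundle(pem_texts):
    """Return (bundle_text, sha256_fingerprints) for the given PEM inputs."""
    fingerprints, blocks = [], []
    for text in pem_texts:
        for label, body in PEM_BLOCK.findall(text):
            if "PRIVATE KEY" in label:
                raise ValueError("private key in CA input: " + label)
            if label != "CERTIFICATE":
                continue  # CSRs, CRLs and similar do not belong in the bundle
            try:
                der = base64.b64decode("".join(body.split()), validate=True)
            except ValueError as exc:  # binascii.Error subclasses ValueError
                raise ValueError("corrupt base64 in certificate block") from exc
            fp = hashlib.sha256(der).hexdigest()
            if fp not in fingerprints:  # same CA supplied twice: keep one copy
                fingerprints.append(fp)
                blocks.append(armor(der))
    return "".join(blocks), fingerprints

# Constructed sample input: placeholder bytes, not real certificates.
ROOT_CA = armor(b"constructed placeholder for root CA DER " * 3)
ISSUING_CA = armor(b"constructed placeholder for issuing CA DER " * 3)

if __name__ == "__main__":
    # First input imitates two files joined where the first lacked a trailing
    # newline (END and BEGIN fused on one line); ROOT_CA also appears twice.
    fused = ROOT_CA.rstrip("\n") + ISSUING_CA
    bundle, fps = build_ca_bundle([fused, ROOT_CA])
    print(bundle)
    print("\n".join(fps))
```

The resulting file is what would be imported and selected under Trusted Certificate Authorities, and under Advertised Certificate Authorities if you follow the suggestion in the post; comparing the printed fingerprints against the CA operators' published values is a useful check before import.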