NimbostratusHi everyone
As subject , What use of ca-bundle?
Can I remove it? because It's always alert customer that some Certificate in ca-bundle is expired. and remove only "that expired certificate" is troublesome (many box , many expired cert)
Or Is there a way that we can config user-alert to not alert "ca-bundle certificate" expiration?
Thank you very much
Cirrocumulusright now we use this SOL to monitor certificate expiration
https://support.f5.com/kb/en-us/solutions/public/14000/300/sol14318.html
Not sure if it can exclude ca-bundle?
CirrusAs long as you are not utilizing the ca-bundle as part of any client ssl profile, I think it is okay to remove it.
Sorry for the late reply here, but there is now a deployment guide and iApp template that can assist you in updating the CA bundle that ships with the system. This allows you to add and remove certificates. See http://f5.com/pdf/deployment-guides/f5-ca-bundle-dg.pdf
AltostratusAwesome!! Added to knowledge archive --I will be using this soon!
NimbostratusCould you share the Iapp CA-Bundle? Is no longer available in downloads or through the pointer of the document f5-ca-bundle-dg.pdf.
Thank you
Hello Nobody96, the iApp is still in the current zip file on . As mentioned in the deployment guide, you must go to the "RELEASE CANDIDATES" folder inside the zip file, and there you'll find the CA bundle iApp. Let us know if you are still having troubles.
