Client SSL authentication with mutlipe trusted CAs and CRLs

Question

Hello,&nbsp;
we are using a client SSL profile with client authentication enabled. Now I need to add a second trusted CA and CRL. I created a second SSL profile with the new CA/CRL and tried to add it to the virtual server, but I receive following error: Virtual server xyz has more than one clientssl/serverssl profile with same server name.
What would be the best way to accomplish this?
Thanks in advance!&nbsp;

boneyard · Answer

combine both CA certificates into one certificate bundle (just copy paste the base64 info into one file / text field)&nbsp;
for CRL it is more complicated you will have to merge those, which probably will require some scripting.&nbsp;
btw: similar question with some options was asked here: https://devcentral.f5.com/questions/crl-verification-in-irule&nbsp;
in the end you might consider setting up two virtual servers with different hostnames, will make your life easier for sure :)&nbsp;

Forum Discussion

Client SSL authentication with mutlipe trusted CAs and CRLs

1 Reply

Recent Discussions

iRule help masking IBM host URL/URI

Need advise to setup a policy on F5

Advise on setting up IRULE

Help with URL Masking

Import PKCS 12 SSL to Device Certificate via API/Script or CLI on BIG-IP

Related Content

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

Trust your CDN, but not completely

Creating device trust / trust-domain through iControl REST Call(s)

Doing mTLS Authentication per URL

Overview of Trusted Client IP Headers in F5 Distributed Cloud Platform