Forum Discussion

svs
Jun 04, 2018

Client Certificate Authentication with CA-Bundle

Hi,

I would like to configure client certificate authentication using a Client SSL Profile. This works as expected, but I need to configure multiple Trusted/Advertised CA certificates. As TMOS 13.x has the ability to configure CA-bundles, I thought this might be the best way to configure several CA certificates, without importing a PEM file containing multiple CA certificates.

In the SSL client profile configuration, I can select a CA-bundle. Unfortunately my custom CA-bundle does not appear on the list, although another custom CA-bundle does appear in the list. After several hours of researching and testing I'm not able to find out how to get my custom CA-bundle assigned to the SSL client profile.

Any ideas what might be the reason that the CA-bundle doesn't appear in the list?

Thanks for any thoughts.

Cheers,

svs

2 Replies

  • The system will show it in the SSL certificate list as a certificate if it contains only one certificate, or as a bundle if it contains 2 or more certificates. Anyway, the full list (both certificates and bundles) is available to you in the chain dropdown list.

  • Hi,

    Normally it must appear...

    You can try this:

    • Create a certificate with only one CA; suppose you call it bundle-ca.
    • Set it in your SSL client profile (Trusted/Advertised).
    • Once configured, modify your bundle-ca with one cert, adding all the other certificates...

    Using this way it must work. Otherwise it's another problem that you have!!!

    Keep me in touch