Jake_39981
Mar 05, 2012 Nimbostratus
Chain Certificates / Client SSL Profile
We have one Virtual Server and client SSL profile shared by multiple clients coming in. One client is presenting a client cert signed by an intermediary "VeriSign Class 3 Extended Validation SSL CA" (not in ca-bundle). We're designing this in the lab; I followed SOL6401 http://support.f5.com/kb/en-us/solu...caprovided to create the chain cert using their root and intermediary certs to create the chain cert. I used openssl (as shown in SOL6401) to validate the client cert against the chain cert and it checked out perfectly! So it appears this will work for us. However, these are my questions:
1. When I tell the client ssl profile to use the chain cert, it will not affect other clients connecting with regular signed certs by root authorities found in ca-bundle, right?
2. If other clients want to use other intermediaries, can I simply append their root and intermediary certs to the same chain cert? We can only choose one chain cert from the drop down in the client SSL profile so I want to be sure this can be done.
I assume we'll be fine but I'd rather know for sure this will work before moving forward. Thanks!
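Added example (not part of the original post and not F5's code): the openssl lab check the post describes, extended to two unrelated CA hierarchies appended into one chain file. The hierarchy names `alpha` and `beta` and every certificate are constructed, and the result shows only how `openssl verify` treats a concatenated bundle, not how a BIG-IP client SSL profile behaves.

```shell
#!/bin/sh
# Constructed lab PKI: the names alpha/beta and all files are made up for this example.
WORK=$(mktemp -d)
printf '[req]\ndistinguished_name=dn\n[dn]\n' > "$WORK/req.cnf"
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$WORK/ca.ext"

# csr NAME: write NAME.key and NAME.csr with subject CN=NAME
csr() {
  openssl req -new -newkey rsa:2048 -nodes -config "$WORK/req.cnf" \
    -subj "/CN=$1" -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
}

# sign CHILD ISSUER SERIAL [EXTFILE]: issue CHILD.pem, signed by ISSUER's key
sign() {
  openssl x509 -req -days 30 -in "$WORK/$1.csr" -out "$WORK/$1.pem" \
    -CA "$WORK/$2.pem" -CAkey "$WORK/$2.key" -set_serial "$3" \
    ${4:+-extfile "$4"} 2>/dev/null
}

# make_hierarchy NAME: self-signed root -> intermediate CA -> client certificate
make_hierarchy() {
  csr "$1-root" &&
  openssl x509 -req -days 30 -in "$WORK/$1-root.csr" -signkey "$WORK/$1-root.key" \
    -extfile "$WORK/ca.ext" -out "$WORK/$1-root.pem" 2>/dev/null &&
  csr "$1-int" && sign "$1-int" "$1-root" 1 "$WORK/ca.ext" &&
  csr "$1-client" && sign "$1-client" "$1-int" 2
}

# verify_against BUNDLE CERT: exit status 0 only if CERT chains to a CA in BUNDLE
verify_against() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

make_hierarchy alpha && make_hierarchy beta
# Chain file for one CA hierarchy, then the same file with a second one appended.
cat "$WORK/alpha-root.pem" "$WORK/alpha-int.pem" > "$WORK/chain-alpha.pem"
cat "$WORK/chain-alpha.pem" "$WORK/beta-root.pem" "$WORK/beta-int.pem" > "$WORK/chain-both.pem"

for bundle in chain-alpha chain-both; do
  for cert in alpha-client beta-client; do
    if verify_against "$WORK/$bundle.pem" "$WORK/$cert.pem"; then r=OK; else r=FAIL; fi
    echo "$bundle.pem  $cert.pem  $r"
  done
done
```

Every CA in the file passed to `-CAfile` is trusted for every certificate checked against it, so appending a second hierarchy widens what verifies rather than scoping it to one client.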