Update only one specific SSL certificate in a bundle
Hello everyone
For a client I configured a VS to do SSL Client Certificate verification with APM. They have around 80 partners that access that VS and each has its own certificate identified by a number.
Also, each client certificate has been issued by its own CA, also identified by that same number.
All certificates are part of a bundle, and that bundle is specified as the ca-file in the SSL profile:
ltm profile client-ssl /Common/services.ssl_client_prof_2 {
    app-service none
    ca-file /Common/certsbundle.crt
    cert /Common/services.crt
    cert-key-chain {
        services_Intermediate_CA_bundle {
            cert /Common/services.crt
            chain /Common/Intermediate_CA_bundle.crt
            key /Common/services_key.key
        }
    }
    chain /Common/Intermediate_CA_bundle.crt
    defaults-from /Common/services_ssl_client_prof
    inherit-certkeychain false
    key /Common/services_key.key
    passphrase none
}
That bundle is in PEM format and each partner section is identified by their number.
Example:
inline ca-certificate 6003-0780 "end-6003-0780"
-----BEGIN CERTIFICATE-----
"Encrypted Certificate"
-----END CERTIFICATE-----
end-6003-0780
They often have to update one of the certificates in the bundle.
What is the easiest and most reliable way to do this? Is there a command that could replace the section of the file and import the certificates following the change (keeping the same name as specified in the profile)?
Maybe not the best way to do this, but I am thinking of proposing that they use only one CA to issue all the certificates. Would there be any security issues that would arise by doing that?
Thank you
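An added example, not part of the original post: one way to swap a single partner's section in the bundle offline and confirm that no other section changed before the file is re-imported under the same name. It assumes the section layout shown in the post's example; the function names, the second partner id and the placeholder certificate bodies are constructed for illustration.

```python
import base64, hashlib, re

# Section layout taken from the example in the post (assumed to hold for all):
#   inline ca-certificate <id> "end-<id>" / one PEM block / end-<id>
SECTION_RE = re.compile(
    r'^inline ca-certificate (?P<id>\S+) "end-(?P=id)"[ \t]*\n'
    r'(?P<pem>.*?)\n^end-(?P=id)[ \t]*$', re.S | re.M)
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----\n(?P<b64>[A-Za-z0-9+/=\n]+?)"
                    r"\n-----END CERTIFICATE-----")

def fingerprints(bundle):
    """Map each section id to the SHA-256 of its decoded certificate body."""
    out = {}
    for m in SECTION_RE.finditer(bundle):
        pem = PEM_RE.fullmatch(m["pem"].strip())
        if pem is None or m["id"] in out:
            raise ValueError(f"section {m['id']}: duplicate id or not one PEM block")
        out[m["id"]] = hashlib.sha256(base64.b64decode(pem["b64"])).hexdigest()
    return out

def replace_section(bundle, partner_id, new_pem):
    """Swap the PEM block of one section; refuse if anything else would change."""
    before = fingerprints(bundle)
    new_pem = new_pem.strip()
    if partner_id not in before:
        raise KeyError(f"no section {partner_id} in bundle")
    if PEM_RE.fullmatch(new_pem) is None:
        raise ValueError("replacement must be exactly one PEM certificate")
    def swap(m):
        if m["id"] != partner_id:
            return m[0]  # leave every other partner's section byte-for-byte intact
        start, end = m.start("pem") - m.start(), m.end("pem") - m.start()
        return m[0][:start] + new_pem + m[0][end:]
    updated = SECTION_RE.sub(swap, bundle)
    after = fingerprints(updated)
    changed = {k for k in before if before[k] != after.get(k)}
    if after.keys() != before.keys() or changed - {partner_id}:
        raise RuntimeError("bundle changed outside the target section")
    return updated

def fake_pem(label):
    """Constructed placeholder body, not a real certificate."""
    body = base64.b64encode(label.encode()).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----"

# Constructed two-partner bundle; 6003-0781 is a made-up second id.
SAMPLE = "".join(f'inline ca-certificate {i} "end-{i}"\n{fake_pem("old-" + i)}\nend-{i}\n'
                 for i in ("6003-0780", "6003-0781"))
if __name__ == "__main__":
    print(replace_section(SAMPLE, "6003-0780", fake_pem("new-6003-0780")))
```

Comparing the fingerprints of the bundle before and after gives a per-partner record of what changed, which can be kept with the change request.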