Need clarification on F5 Big IP SSL profiles Chain and Trusted CAs
Posted on 2011-03-01
We have a scenario wherein in our organization our CA is expiring and has now been replaced with a new CA. This new one, however, was sent to us together with an intermediate certificate.
We have just received the PK12 file of one of the certificates which is up for renewal and which has been signed by the new CA (and the intermediate one). Both the intermediate and new CA are now installed in our F5 box.
Our question is, once we renew our new certificate from the GUI, we are not sure how to fill in the blanks for "Chain" and "Trusted Certificate Authorities." Do we:
A. Leave "Chain" as NONE and for "Trusted Certificate Authorities" select the intermediate cert
B. Leave "Chain" as NONE and for "Trusted Certificate Authorities" select the new CA
C. For "Chain" use the intermediate certificate and for "Trusted Certificate Authorities" select the new CA?
Thanks and regards.