<div>
Thank you so much for your fast reply. I am updating cert for F5. but someone says that we need to update intermediate certificate too. why is that?
</div>


<div>
Thank you all so much for your explanation! Based on the above, i realize all &quot;Root CA Cert &gt;&nbsp;Intermediate CA Cert (bundle of Sub CA) &gt;&nbsp;Server SSL cert.&quot; exist in F5. My question is what is function of &quot;Root CA Cert &gt;&nbsp;Intermediate CA Cert (bundle of Sub CA) &quot;&nbsp;for the whole chain? Can we directly use Server SSL ? <br />
<br />
If I am a client, and I want to install SSL for my F5, what do I need to buy? buy certificate or key?
</div>


<div>
Thank you so much for your explanation, especially the good example that you gave(driver license) to understand it. Here is thing that I am not sure:<br />
<br />
There are several sites in which F5 are located for the same website (maybe there there several servers behind them in different locations). do we need several certificates or just one? and its key? Do the client(user PC) need the same certificate and key? and the servers also need the certificate and key?
</div>


<div>
Thank you so much. <br />
It looks like that certificate/key is per website behavioral, for example, if the F5/server hold 10 websites, the F5/server need 10 certificate/key, right? but in users' side, their PC just just need to install the same &quot;root CA and SubCA cert&quot;, can i say like that?
</div>


<div>
Thank you all. I already have these basic concept. The post is very long and already answered many questions. I should stop here and i am going to start another new post for my next question. Thank you again!
</div>


<div>
Can I say, &nbsp;if we want &quot;&nbsp;CA root cert ----- intermediate cert ----- client cert&quot; to work, the chain should exist in both server and client PC?
</div>


<div>
yes - for both CA root cert ----- intermediate cert in server (must) and client (warning if missing but can still proceed to access). The client cert is for client machine and not server. The latter just check if the client cert's CA and int.cert is in its store
</div>


<div>
Very good. Do you think if client PC have two ways to get certificate? One is that client himself install it in the PC. <br />
Second is that administer install it on F5. when the client access the F5/server, it can automatically install it to the client PC
</div>


<div>
export &amp;&nbsp;import into client or self install upon prompt
</div>


<div>
<div class="content wysiwyg-content">
Hi Expert,<br />
I am installing certificate for F5. Can you use an example to explain the relation among ssl, certificate, ca and intermediate certificate, public key and private key, user and provider? Thank you
</div>
</div>


Hi Expert,
I am installing certificate for F5. Can you use an example to explain the relation among ssl, certificate, ca and intermediate certificate, public key and private key, user and provider? Thank you

What is relation among ssl, certificate, ca and intermediate certificate

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.

SSL / HTTPS

Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.