SSL CERTIFICATE CSR CREATION AND CERTIFICATE INSTALLATION FOR F5 BIG-IP
If you already have your SSL Certificate and just need to install it, see
SSL certificate installation below for f5 BIG-IP below.
CSR CREATION – F5 BIG-IP LOADBALANCER (VERSION 9)SSL CERTIFICATES
1. Launch the F5 BIGIP web GUI.
2. Under Local Traffic select 'SSL certificates' then 'Create'.
3. Under General Properties give your certificate a name (this name will be used in the future to identify this certificate).
4. Under Certificate Properties enter the following information:
- Issuer: Certificate Authority (GlobalSign)
- Common name: FQDN (fully-qualified domain name) of the server (e.g., www.domain.com, mail.domain.com, or *.domain.com)
- Division: Your department, such as 'Information Technology'
- Organization: The full legal name of your organization (e.g., TRUSTZONE)
- Locality, State or Province, Country: City, state, and country where your organization is located
- E-mail Address: Your email
- Challenge Password, Confirm Password: Your password
5. Under 'Key Properties', choose 2048.
6. Click the Finished button.
You should now be provided with the text of a Certificate Signing Request file. You will want to copy and paste the entire body of that file into the TRUSTZONE order process when prompted.
7. After you receive your SSL certificate from TRUSTZONE, you can install it.
CSR GENERATION (EARLIER VERSIONS OF BIG-IP)
1. First, login to the BIG-IP device as the root user and run the following command:
You will be asked to enter your company details including the full legal company name and address of operation.
2. You can now make your Certificate Signing Request by entering the following command:
# /usr/local/bin/genkey www.yoursite.com
Make sure to replace 'www.yoursite.com' with the Fully Qualified Domain Name of the site that you are securing. You will again be asked to enter your company details.
3. Under /config/bigconfig/ssl.csr/ you will find a new file named your www.yoursite.com.csr — This is your new CSR file. Transfer it to the workstation you will use to order the certificate. The CSR file can be opened with a text editor such as Notepad. Copy and paste the contents of the CSR file to the TRUSTZONE order form. Make sure to include the BEGIN and END tags.
4. After you receive your SSL certificate from TRUSTZONE, you can install it.
SSL CERTIFICATE INSTALLATION – F5 BIG-INDEX-IP
Install your SSL certificate to a f5 BIG-IP Loadbalancer (version 9)
INSTALLING THE SSL CERTIFICATE
- Launch the F5 BIGIP web GUI.
- Under Local Traffic select 'SSL certificates'.
- Click on the name you assigned to the certificate under 'General Properties' while creating the CSR.
- Browse to the your_domain_name.crt file that you received from TRUSTZONE.
- Click 'Open' and then 'Import'. Your SSL certificate file is now installed.
ENABLING YOUR INTERMEDIATE CERTIFICATE
- In the web GUI, choose 'Local Traffic', then 'SSL Certificates', and then 'Import'.
- Under 'Import Type', choose Certificate, then 'Create New'.
- Enter 'IntermediateCA' as your certificate name.
- Browse to the IntermediateCA.crt file that you received from TRUSTZONE, click 'Open', and then 'Import'.
Your intermediate certificate should now be imported.
CONFIGURE YOUR SERVER FOR SSL
- Create or open the SSL Profile that you will be using with this certificate.
- Log in to the Configuration utility > Local Traffic > Profiles > Client (from the SSL menu), then select the client to configure and choose 'Advanced' from the Configuration menu.
- Select the SSL certificate (public/private key pair) that you installed at the beginning of these instructions.
- Under the 'Chain' section, browse to the 'IntermediateCA' file that you imported in the previous step, then save and exit the configuration.
Your SSL Certificate has now been installed and enabled for use on your server.
F5 BIG-IP PRE VERSION 9.X
Inside your TRUSTZONE account you can download your certificate files. You will need the SSL (your_domain_name.crt) and Intermediate (IntermediateCA.crt) certificate files. You will need both of these files for proper installation on you BIG-IP device. You do not need the TrustedRoot.crt file
- Move your SSL and Intermediate Certificates to the BIG-IP device.
The SSL certificate (your_domain_name.crt) and Intermediate (intermediate-ca.crt) certificate files can be moved to the BIG-IP box using FTP.
- Rename and move the certificate files.
Rename your SSL certificate from your_domain_name.crt to your.domain.name.crt and copy it to the /config/bigconfig/ssl.crt/ folder.
Copy the intermediate-ca.crt to the /config/bigconfig/ssl.crt/ folder.
- Restart the Proxy.
# bigpipe proxy <IP Address>:443 disable
# bigpipe proxy <IP Address>:443 enable
The Certificate is now installed.
Last updated: August 4, 2017