Manual Chapter: Common Elements for SSL Certificates
Applies To:
BIG-IP AAM
- 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0
BIG-IP APM
- 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0
BIG-IP LTM
- 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0
BIG-IP AFM
- 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0
BIG-IP DNS
- 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0
BIG-IP ASM
- 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0
Tasks
- On the Main tab, click. The Trusted Device Certificates screen opens.
- On the Main tab, click. The Device Certificate screen opens.
- On the Main tab, click. The SSL Certificate List screen opens.
- On the Main tab, click. The Traffic Certificate Management screen opens.
- Click Create.
- Click the Import button.
- Click Import.
- Click Import.
- Click Export.
- Click Export. The Certificate Export screen displays the contents of the certificate in the Certificate Text box.
- Click Remove.
- Click Finished. The Certificate Signing Request screen displays.
- Click the Load button.
- For the Upload Archive File setting, click Browse and select the file to be imported.
- In the Name field, type a unique name for the SSL certificate.
- From the Issuer list, select Certificate Authority.
- From the Issuer list, select Self.
- In the Common Name field, type a name. This is typically the name of a web site, such as www.siterequest.com.
- In the Division field, type your department name.
- In the Organization field, type your company name.
- In the Locality field, type your city name.
- In the State or Province field, type your state or province name.
- From the Country list, select the name of your country.
- In the E-mail Address field, type your email address.
- In the Challenge Password field, type a password.
- In the Confirm Password field, re-type the password you typed in the Challenge Password field.
- In the Key Properties area of the screen, from the Size list, select 1024.
- In the Lifetime field, type a number of days, or retain the default, 365.
- In the Subject Alternative Name field, type a name. This name is embedded in the certificate for X509 extension purposes. By assigning this name, you can protect multiple host names with a single SSL certificate.
- Configure any additional Certificate Properties settings, as necessary.
- From the Key Type list, select a key type. Possible values are: RSA, DSA, and ECDSA.
- From the Key Type list, select RSA.
- From the Size list, select a key size, in bits. Possible values are: 512, 1024, 2048 and 4096.
- From the Key Type list, select ECDSA.
- From the Size list, select a key size, in bits.
- From the Size or Curve Name list, select either a size, in bits, or a curve name.
- If the BIG-IP system contains an internal HSM module, specify a location for storing the private key.
- From the Curve Name list, select prime256v1 or secp384r1.
- Do one of the following to download the request into a file on your system.
- In the Request Text field, copy the certificate.
- For Request File, click the button.
- Follow the instructions on the relevant certificate authority web site for either pasting the copied request or attaching the generated request file.
- From the Import Type list, select Certificate.
- From the Import Type list, select Key.
- From the Import Type list, select PKCS 12 (IIS).
- From the Import Type list, select Archive.
- From the Import Type list, select Certificate Revocation List.
- In the Certificate Revocation List field, type the name of the CRL that you want to import.
- For the Certificate Revocation List Source setting, do one of the following:
- Select the Upload File option, and browse to the location of the CRL file.
- Select the Paste Text option, and paste the CRL text copied from another source.
- For the Certificate Name setting:
- If you are importing a new certificate, select Create New and type a unique name in the field.
- If you are replacing an existing certificate, select Overwrite Existing and select a certificate name from the list.
- For the Certificate Source setting, do one of the following:
- Select the Upload File option, and browse to the location of the certificate file.
- Select the Paste Text option, and paste the certificate text copied from another source.
- For the Key Name setting, do one of the following:
- Select the Create New option, and type a unique name in the field.
- Select the Overwrite Existing option, and select a certificate name from the list.
- For the Certificate Name setting, type a certificate name.
- For the Certificate Source setting, click Browse and locate the source file.
- For the Key Source setting, do one of the following:
- Select the Upload File option, and browse to the location of the key file.
- Select the Paste Text option, and paste the key text copied from another source.
- In the Password field, type the password associated with the import source.
- From the Security Type list, select a security type.
- To obtain the certificate, do one of the following:
- Copy the text from the Certificate Text field, and paste it as needed into an interface on another system.
- At the Certificate File option, click Download filename, where the filename is the name of the certificate file, such as mycert.crt.
- From the Import Method list, select Replace.
- From the Import Method list, select Append.
- From the Import Type list, select Certificate and Key.
- From the Import Type list, select Key.
- From the Import Type list, select Certificate.
- From the Import Type list, select PKCS 12 (IIS).
- For the Certificate Source setting, select Upload File and browse to select the root certificate file.
- For the Certificate Source setting, select Upload File and browse to select the certificate signed by the CA server.
- For the Certificate Source setting, select Upload File and browse to select the certificate to upload.
- For the Certificate Source setting, select Upload File and browse to select the device certificate for the last CA in the certificate chain.
- For the Certificate Source setting, select Upload File and browse to select the certificate chain file.
- For the Key Source setting, select Upload File and browse to select the device key file.
- On one of the BIG-IP systems, complete the following steps.
- On the Main tab, click.
- From the Import Type list, select Certificate.
- For the Certificate Name setting, click Create New, and type wom-root-ca.
- For the Certificate Source setting, either click Upload File and provide a file name by typing or browsing to the file, or click Paste Text, and paste the text copied from another source into the field.
- Click Import.
- Repeat these steps on the other BIG-IP system.
- Create a certificate and key on one of the BIG-IP systems (for example, BIG-IP SiteA).
- On the Main tab, click.
- Click the Create button.
- In the Name field, type wom-endpoint.
- From the Issuer list, select Certificate Authority.
- In the Common Name field, type the IP address of the local endpoint for the BIG-IP, for example, 1.1.1.1.
- Provide any additional information required by your organization.
- Click Finished.
- Click Finished.
- In the Name column, view the list of certificates on the system.