Manual Chapter : Common Elements for SSL Certificates Tasks

Applies To:

Show Versions Show Versions

BIG-IP DNS

  • 15.0.0

BIG-IP AFM

  • 15.0.0

BIG-IP ASM

  • 15.0.0

BIG-IP AAM

  • 15.0.0

BIG-IP APM

  • 15.0.0

BIG-IP LTM

  • 15.0.0
Manual Chapter

Common Elements for SSL Certificates Tasks

  1. On the Main tab, click
    System
    Device Certificates
    Trusted Device Certificates
    .
    The Trusted Device Certificates screen opens.
  2. On the Main tab, click
    System
    Device Certificates
    .
    The Device Certificate screen opens.
  3. On the Main tab, click
    Local Traffic
    SSL Certificate List
    .
    The SSL Certificate List screen opens.
  4. On the Main tab, click
    System
    Certificate Management
    Traffic Certificate Management
    .
    The Traffic Certificate Management screen opens.
  5. Click
    Create
    .
  6. Click the
    Import
    button.
  7. Click
    Import
    .
  8. Click
    Import
    .
  9. Click
    Export
    .
  10. Click
    Export
    .
    The Certificate Export screen displays the contents of the certificate in the
    Certificate Text
    box.
  11. Click
    Remove
    .
  12. Click
    Finished
    .
    The Certificate Signing Request screen displays.
  13. Click the
    Load
    button.
  14. For the
    Upload Archive File
    setting, click
    Browse
    and select the file to be imported.
  15. In the
    Name
    field, type a unique name for the SSL certificate.
  16. From the
    Issuer
    list, select
    Certificate Authority
    .
  17. From the
    Issuer
    list, select
    Self
    .
  18. In the
    Common Name
    field, type a name.
    This is typically the name of a web site, such as
    www.siterequest.com
    .
  19. In the
    Division
    field, type your department name.
  20. In the
    Organization
    field, type your company name.
  21. In the
    Locality
    field, type your city name.
  22. In the or
    State or Province
    field, type your state or province name.
  23. From the
    Country
    list, select the name of your country.
  24. In the
    E-mail Address
    field, type your email address.
  25. In the
    Challenge Password
    field, type a password.
  26. In the
    Confirm Password
    field, re-type the password you typed in the
    Challenge Password
    field.
  27. In the Key Properties area of the screen, from the
    Size
    list, select
    1024
    .
  28. In the
    Lifetime
    field, type a number of days, or retain the default,
    365
    .
  29. In the
    Subject Alternative Name
    field, type a name.
    This name is embedded in the certificate for X509 extension purposes.
    By assigning this name, you can protect multiple host names with a single SSL certificate.
  30. Configure any additional
    Certificate Properties
    settings, as necessary.
  31. From the
    Key Type
    list, select a key type.
    Possible values are:
    RSA
    ,
    DSA
    , and
    ECDSA
    .
  32. From the
    Key Type
    list, select
    RSA
    .
  33. From the
    Size
    list, select a key size, in bits.
    Possible values are:
    512
    ,
    1024
    ,
    2048
    and
    4096
    .
  34. From the
    Key Type
    list, select
    ECDSA
    .
  35. From the
    Size
    list, select a key size, in bits.
  36. From the
    Size
    or
    Curve Name
    list, select either a size, in bits, or a curve name.
  37. If the BIG-IP system contains an internal HSM module, specify a location for storing the private key.
  38. From the
    Curve Name
    list, select
    prime256v1
    or
    secp384r1
    .
  39. Do one of the following to download the request into a file on your system.
    • In the
      Request Text
      field, copy the certificate.
    • For
      Request File
      , click the button.
  40. Follow the instructions on the relevant certificate authority web site for either pasting the copied request or attaching the generated request file.
  41. From the
    Import Type
    list, select
    Certificate
    .
  42. From the
    Import Type
    list, select
    Key
    .
  43. From the
    Import Type
    list, select
    PKCS 12 (IIS)
    .
  44. From the
    Import Type
    list, select
    Archive
    .
  45. From the
    Import Type
    list, select
    Certificate Revocation List
    .
  46. In the
    Certificate Revocation List
    field, type the name of the CRL that you want to import.
  47. For the
    Certificate Revocation List Source
    setting, do one of the following:
    • Select the
      Upload File
      option, and browse to the location of the CRL file.
    • Select the
      Paste Text
      option, and paste the CRL text copied from another source.
  48. For the
    Certificate Name
    setting:
    • If you are importing a new certificate, select
      Create New
      and type a unique name in the field.
    • If you are replacing an existing certificate, select
      Overwrite Existing
      and select a certificate name from the list.
  49. For the
    Certificate Source
    setting, do one of the following:
    • Select the
      Upload File
      option, and browse to the location of the certificate file.
    • Select the
      Paste Text
      option, and paste the certificate text copied from another source.
  50. For the
    Key Name
    setting, do one of the following:
    • Select the
      Create New
      option, and type a unique name in the field.
    • Select the
      Overwrite Existing
      option, and select a certificate name from the list.
  51. For the
    Certificate Name
    setting, type a certificate name.
  52. For the
    Certificate Source
    setting, click
    Browse
    and locate the source file.
  53. For the
    Key Source
    setting, do one of the following:
    • Select the
      Upload File
      option, and browse to the location of the key file.
    • Select the
      Paste Text
      option, and paste the key text copied from another source.
  54. In the
    Password
    field, type the password associated with the import source.
  55. from the
    Security Type
    list, select a security type.
  56. To obtain the certificate, do one of the following:
    • Copy the text from the
      Certificate Text
      field, and paste it as needed into an interface on another system.
    • At the
      Certificate File
      option, click
      Download filename
      where the filename is the name of the certificate file, such as
      mycert.crt
      .
  57. From the
    Import Method
    list, select
    Replace
    .
  58. From the
    Import Method
    list, select
    Append
    .
  59. From the
    Import Type
    list, select
    Certificate and Key
    .
  60. From the
    Import Type
    list, select
    Key
    .
  61. From the
    Import Type
    list, select
    Certificate
    .
  62. From the
    Import Type
    list, select
    PKCS 12 (IIS)
    .
  63. For the
    Certificate Source
    setting, select
    Upload File
    and browse to select the root certificate file.
  64. For the
    Certificate Source
    setting, select
    Upload File
    and browse to select the certificate signed by the CA server.
  65. For the
    Certificate Source
    setting, select
    Upload File
    and browse to select the certificate to upload.
  66. For the
    Certificate Source
    setting, select
    Upload File
    and browse to select the device certificate for the last CA in the certificate chain.
  67. For the
    Certificate Source
    setting, select
    Upload File
    and browse to select the certificate chain file.
  68. For the
    Key Source
    setting, select
    Upload File
    and browse to select the device key file.
  69. On one of the BIG-IP systems, complete the following steps.
    1. On the Main tab, click
      System
      File Management
      SSL Certificate List
      Import
      .
    2. From the
      Import Type
      list, select
      Certificate
      .
    3. For the
      Certificate Name
      setting, click
      Create New
      , and type
      wom-root-ca
      .
    4. For the
      Certificate Source
      setting, either click
      Upload File
      and provide a file name by typing or browsing to the file, or click
      Paste Text
      , and paste the text copied from another source into the field.
    5. Click
      Import
      .
    6. Repeat these steps on the other BIG-IP system.
  70. Create a certificate and key on one of the BIG-IP systems (for example, BIG-IP SiteA).
    1. On the Main tab, click
      System
      File Management
      SSL Certificate List
      .
    2. Click the
      Create
      button.
    3. In the
      Name
      field, type
      wom-endpoint
      .
    4. From the
      Issuer
      list, select
      Certificate Authority
      .
    5. In the
      Common Name
      field, type the IP address of the local endpoint for the BIG-IP, for example,
      1.1.1.1
      .
    6. Provide any additional information required by your organization.
    7. Click
      Finished
      .
  71. Click
    Finished
    .
  72. In the Name column, view the list of certificates on the system.