F5 Logo MyF5
Search
  1. MyF5 Home
  2. BIG-IP System: SSL Administration
  3. Common Elements for SSL Certificates Tasks
Manual Chapter : Common Elements for SSL Certificates Tasks

Applies To:

Show Versions Show Versions

BIG-IP AAM

  • 15.0.1, 15.0.0

BIG-IP APM

  • 15.0.1, 15.0.0

BIG-IP Link Controller

  • 15.0.1, 15.0.0

BIG-IP Analytics

  • 15.0.1, 15.0.0

BIG-IP LTM

  • 15.0.1, 15.0.0

BIG-IP AFM

  • 15.0.1, 15.0.0

BIG-IP PEM

  • 15.0.1, 15.0.0

BIG-IP DNS

  • 15.0.1, 15.0.0

BIG-IP ASM

  • 15.0.1, 15.0.0
Manual Chapter

Common Elements for SSL Certificates Tasks

  1. On the Main tab, click
    System
    Device Certificates
    Trusted Device Certificates
    .
    The Trusted Device Certificates screen opens.
  2. On the Main tab, click
    System
    Device Certificates
    .
    The Device Certificate screen opens.
  3. On the Main tab, click
    Local Traffic
    SSL Certificate List
    .
    The SSL Certificate List screen opens.
  4. On the Main tab, click
    System
    Certificate Management
    Traffic Certificate Management
    .
    The Traffic Certificate Management screen opens.
  5. Click
    Create
    .
  6. Click the
    Import
     button.
  7. Click
    Import
    .
  8. Click
    Import
    .
  9. Click
    Export
    .
  10. Click
    Export
    .
    The Certificate Export screen displays the contents of the certificate in the
    Certificate Text
     box.
  11. Click
    Remove
    .
  12. Click
    Finished
    .
    The Certificate Signing Request screen displays.
  13. Click the
    Load
     button.
  14. For the
    Upload Archive File
     setting, click
    Browse
     and select the file to be imported.
  15. In the
    Name
     field, type a unique name for the SSL certificate.
  16. From the
    Issuer
     list, select
    Certificate Authority
    .
  17. From the
    Issuer
     list, select
    Self
    .
  18. In the
    Common Name
     field, type a name.
    This is typically the name of a web site, such as
    www.siterequest.com
    .
  19. In the
    Division
     field, type your department name.
  20. In the
    Organization
     field, type your company name.
  21. In the
    Locality
     field, type your city name.
  22. In the or
    State or Province
     field, type your state or province name.
  23. From the
    Country
     list, select the name of your country.
  24. In the
    E-mail Address
     field, type your email address.
  25. In the
    Challenge Password
     field, type a password.
  26. In the
    Confirm Password
     field, re-type the password you typed in the
    Challenge Password
     field.
  27. In the Key Properties area of the screen, from the
    Size
     list, select
    1024
    .
  28. In the
    Lifetime
     field, type a number of days, or retain the default,
    365
    .
  29. In the
    Subject Alternative Name
     field, type a name.
    This name is embedded in the certificate for X509 extension purposes.
    By assigning this name, you can protect multiple host names with a single SSL certificate.
  30. Configure any additional
    Certificate Properties
     settings, as necessary.
  31. From the
    Key Type
     list, select a key type.
    Possible values are:
    RSA
    ,
    DSA
    , and
    ECDSA
    .
  32. From the
    Key Type
     list, select
    RSA
    .
  33. From the
    Size
     list, select a key size, in bits.
    Possible values are:
    512
    ,
    1024
    ,
    2048
    and
    4096
    .
  34. From the
    Key Type
     list, select
    ECDSA
    .
  35. From the
    Size
     list, select a key size, in bits.
  36. From the
    Size
     or
    Curve Name
     list, select either a size, in bits, or a curve name.
  37. If the BIG-IP system contains an internal HSM module, specify a location for storing the private key.
  38. From the
    Curve Name
     list, select
    prime256v1
     or
    secp384r1
    .
  39. Do one of the following to download the request into a file on your system.
    • In the
      Request Text
       field, copy the certificate.
    • For
      Request File
      , click the button.
  40. Follow the instructions on the relevant certificate authority web site for either pasting the copied request or attaching the generated request file.
  41. From the
    Import Type
     list, select
    Certificate
    .
  42. From the
    Import Type
     list, select
    Key
    .
  43. From the
    Import Type
     list, select
    PKCS 12 (IIS)
    .
  44. From the
    Import Type
     list, select
    Archive
    .
  45. From the
    Import Type
     list, select
    Certificate Revocation List
    .
  46. In the
    Certificate Revocation List
     field, type the name of the CRL that you want to import.
  47. For the
    Certificate Revocation List Source
     setting, do one of the following:
    • Select the
      Upload File
       option, and browse to the location of the CRL file.
    • Select the
      Paste Text
       option, and paste the CRL text copied from another source.
  48. For the
    Certificate Name
     setting:
    • If you are importing a new certificate, select
      Create New
       and type a unique name in the field.
    • If you are replacing an existing certificate, select
      Overwrite Existing
       and select a certificate name from the list.
  49. For the
    Certificate Source
     setting, do one of the following:
    • Select the
      Upload File
       option, and browse to the location of the certificate file.
    • Select the
      Paste Text
       option, and paste the certificate text copied from another source.
  50. For the
    Key Name
     setting, do one of the following:
    • Select the
      Create New
       option, and type a unique name in the field.
    • Select the
      Overwrite Existing
       option, and select a certificate name from the list.
  51. For the
    Certificate Name
     setting, type a certificate name.
  52. For the
    Certificate Source
     setting, click
    Browse
     and locate the source file.
  53. For the
    Key Source
     setting, do one of the following:
    • Select the
      Upload File
       option, and browse to the location of the key file.
    • Select the
      Paste Text
       option, and paste the key text copied from another source.
  54. In the
    Password
     field, type the password associated with the import source.
  55. from the
    Security Type
     list, select a security type.
  56. To obtain the certificate, do one of the following:
    • Copy the text from the
      Certificate Text
       field, and paste it as needed into an interface on another system.
    • At the
      Certificate File
       option, click
      Download filename
       where the filename is the name of the certificate file, such as
      mycert.crt
      .
  57. From the
    Import Method
     list, select
    Replace
    .
  58. From the
    Import Method
     list, select
    Append
    .
  59. From the
    Import Type
     list, select
    Certificate and Key
    .
  60. From the
    Import Type
     list, select
    Key
    .
  61. From the
    Import Type
     list, select
    Certificate
    .
  62. From the
    Import Type
     list, select
    PKCS 12 (IIS)
    .
  63. For the
    Certificate Source
     setting, select
    Upload File
     and browse to select the root certificate file.
  64. For the
    Certificate Source
     setting, select
    Upload File
     and browse to select the certificate signed by the CA server.
  65. For the
    Certificate Source
     setting, select
    Upload File
     and browse to select the certificate to upload.
  66. For the
    Certificate Source
     setting, select
    Upload File
     and browse to select the device certificate for the last CA in the certificate chain.
  67. For the
    Certificate Source
     setting, select
    Upload File
     and browse to select the certificate chain file.
  68. For the
    Key Source
     setting, select
    Upload File
     and browse to select the device key file.
  69. On one of the BIG-IP systems, complete the following steps.
    1. On the Main tab, click
      System
      File Management
      SSL Certificate List
      Import
      .
    2. From the
      Import Type
       list, select
      Certificate
      .
    3. For the
      Certificate Name
       setting, click
      Create New
      , and type
      wom-root-ca
      .
    4. For the
      Certificate Source
       setting, either click
      Upload File
       and provide a file name by typing or browsing to the file, or click
      Paste Text
      , and paste the text copied from another source into the field.
    5. Click
      Import
      .
    6. Repeat these steps on the other BIG-IP system.
  70. Create a certificate and key on one of the BIG-IP systems (for example, BIG-IP SiteA).
    1. On the Main tab, click
      System
      File Management
      SSL Certificate List
      .
    2. Click the
      Create
       button.
    3. In the
      Name
       field, type
      wom-endpoint
      .
    4. From the
      Issuer
       list, select
      Certificate Authority
      .
    5. In the
      Common Name
       field, type the IP address of the local endpoint for the BIG-IP, for example,
      1.1.1.1
      .
    6. Provide any additional information required by your organization.
    7. Click
      Finished
      .
  71. Click
    Finished
    .
  72. In the Name column, view the list of certificates on the system.
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information