Manual Chapter :
CE File - SSL Certificates
Applies To:
Show VersionsBIG-IQ Centralized Management
- 8.0.0
CE File - SSL Certificates
- On the left, click.
- On the left, click.
- On the left, click.
- Click the name of the unmanaged certificate.
- Click the name of the certificate.
- In theNamefield, type a name for this certificate.
- If the partition is anything other thanCommon, type it into thePartitionfield.
- From theIssuer list, select an option.
- Self- select this option if you want to create a self-signed certificate.
- Certificate Authority- select this option to use a certificate authority.
- From theIssuer list, selectSelf.
- From theIssuer list, selectCertificate Authority.
- Complete the details for this certificate.A Subject Alternative Name is embedded in a certificate for X509 extension purposes. Supported names include email, DNS, URI, IP, and RID. For theSubject Alternative Namefield, use the format of a comma-separated list ofname:valuepairs.
- In the Key Properties area, select the key type and size.
- From theImport Typelist, selectCertificate.
- From theImport Typelist, selectImport from CA Providers.
- Select the check box next toVenafi, enter the passphrase, and click theImportbutton at the bottom of the screen.
- To renew certificates prior to their expiration, enable theAuto Renewaloption.By default, enabling this option automatically renews certificates 7 days before expiration. You can select a longer period of time.
- To automatically deploy renewed certificates over your BIG-IP devices, enable theAuto Deployoption.By default, enabling this option automatically deploys renewed certificates at the time 00:00 (midnight) following certificate renewal. You can select a different time of day.
- For theCertificate Namesetting, selectCreate NeworOverwrite Existing.
- From theImport Typelist, selectKey.
- For Certificate Name, selectOverwrite Existingand select the certificate you named when you created the CSR for this certificate.
- For theKey Namesetting, selectCreate NeworOverwrite Existing.
- If you selectedOverwrite Existing, select the key you want to overwrite.
- If you selectedOverwrite Existing, select the certificate you want to overwrite.
- For theKey Sourcesetting: .
- To upload the key's file, select selectUpload Fileand click theChoose Filebutton to navigate to the key file.
- To paste the content of the key file, selectPaste Textand paste the key's content into theKey Sourcefield.
- For theCertificate Sourcesetting:
- To upload the certificate's file, selectUpload Fileand click theChoose Filebutton to navigate to the certificate file.
- To paste the content of the certificate file, selectPaste Textand paste the certificate's content into theCertificate Sourcefield.
- From theImport Typelist, selectCertificate.
- From theImport Typelist, selectPKCS#12.
- If the key is encrypted, from theKey Security Typelist, selectPasswordand type the password for the key in theKey Passwordfield.If you selectNormal, BIG-IQ will store the key as unencrypted, which can put your data at risk.
- In thePasswordandConfirm Passwordfields, type and confirm the password for this key pair.
- Click theImportbutton at the bottom of the screen.
- Click theCreatebutton at the bottom of the screen.
- At the top right of the screen, click theRenew Certificatebutton.
The certificate displays in the Certificates & Keys list.
You
can now assign this SSL certificate and key pair to a Local Traffic Manager
clientssl
or serverssl
profile. Before you deploy
it to a BIG-IP device, you must add the clientssl
or serverssl
profile to that device's LTM pinning policy. For more
information about pinning, refer to the topic titled Managing Object Pinning
in BIG-IQ:
Security
. For more information about deployments, refer to the topic titled
Deploying Changes
in Managing BIG-IP devices from BIG-IQ
.