Manual: How do I manage the local traffic SSL certificates for my BIG-IP devices from BIG-IQ?

Applies To:

BIG-IQ Centralized Management

  • 8.4.0

How do I manage the local traffic SSL certificates for my BIG-IP devices from BIG-IQ?

BIG-IP® devices use traffic SSL certificates for secure communication. Certificates stored on BIG-IQ Centralized Management are in one of the following states:

  • Unmanaged - Each time you discover a BIG-IP device and import the LTM service, BIG-IQ imports the properties (metadata) of its SSL certificate and key pair, but not the actual certificate and key pair themselves. These SSL certificates display as Unmanaged on BIG-IQ. You can monitor the expiration dates for unmanaged SSL certificates, and assign them to BIG-IP Local Traffic Manager™ clientssl or serverssl profiles (as long as the BIG-IP devices already have those SSL certificates on them), but you can’t deploy unmanaged certificates to BIG-IP devices.
  • Managed - A complete SSL certificate includes a public/private key pair. When you import an SSL certificate and key pair to BIG-IQ, it displays as Managed. You can assign these managed SSL certificates to Local Traffic Manager clientssl or serverssl profiles, and deploy them to BIG-IP devices.

From one centralized location, BIG-IQ makes it easy for you to request, import, and manage CA-signed SSL certificates, as well as import signed SSL certificates, keys, and PKCS #12 archive files created elsewhere. And if you want to create a self-signed certificate on BIG-IQ for your managed devices, you can do that too.

Once you’ve imported or created an SSL certificate and keys, you can assign them to your managed devices by associating them with a Local Traffic Manager clientssl or serverssl profile, and deploying it.