Manual Chapter: How do I manage the local traffic SSL certificates for my BIG-IP devices from BIG-IQ?

Applies To:

BIG-IQ Centralized Management

  • 8.4.0

BIG-IP® devices use traffic SSL certificates for secure communication. Certificates stored on BIG-IQ Centralized Management are in one of the following states:
  • Unmanaged
    - Each time you discover a BIG-IP device and import the LTM service, BIG-IQ imports the properties (metadata) of its SSL certificate and key pair, but not the actual certificate and key pair themselves. These SSL certificates display as Unmanaged on BIG-IQ. You can monitor the expiration dates for unmanaged SSL certificates, and assign them to BIG-IP Local Traffic Manager clientssl or serverssl profiles (as long as the BIG-IP devices already have those SSL certificates on them), but you can't deploy unmanaged certificates to BIG-IP devices.
  • Managed
    - A complete SSL certificate includes a public/private key pair. When you import an SSL certificate and key pair to BIG-IQ, it displays as Managed. You can assign these managed SSL certificates to Local Traffic Manager clientssl or serverssl profiles, and deploy them to BIG-IP devices.
From one centralized location, BIG-IQ makes it easy for you to request, import, and manage CA-signed SSL certificates, as well as import signed SSL certificates, keys, and PKCS #12 archive files created elsewhere. And if you want to create a self-signed certificate on BIG-IQ for your managed devices, you can do that too.
Once you've imported or created an SSL certificate and keys, you can assign them to your managed devices by associating them with a Local Traffic Manager clientssl or serverssl profile, and deploying it.