Convert an SSL certificate and key pair from unmanaged so you can deploy them to BIG-IP devices
When you discover a BIG-IP device, BIG-IQ imports the metadata for its SSL certificates’ properties, but not the actual SSL certificates and key pairs. These certificates display as Unmanaged on the BIG-IQ Certificates & Keys screen.
Convert an unmanaged SSL key certificate and key pair to managed so you can centrally manage it from BIG-IQ. This allows you to monitor each SSL certificate’s expiration date from BIG-IQ, without having to log on directly to the BIG-IP device.
-
At the top of the screen, click Configuration.
-
On the left, click LOCAL TRAFFIC > Certificate Management > Certificates & Keys.
-
Click the name of the unmanaged certificate.
-
For the Certificate Properties State setting, click the Import button and then:
- To upload the certificate’s file, select Upload File and click the Choose File button to navigate to the certificate file.
- To paste the content of a certificate file, select Paste Text and paste the certificate’s content into the Certificate Source field.
-
For the Key Properties State setting, click the Import button and then:
- To upload the key’s file, select Upload File and click the Choose File button to navigate to the key file.
- To paste the content of a key file, select Paste Text and paste the key’s content into the Key Source field.
-
Click the Import button.
The SSL certificate now displays as Managed on the Certificates & Keys screen.
You can now assign this SSL certificate and key pair to a Local Traffic Manager clientssl or serverssl profile. Before you deploy it to a BIG-IP device, you must add the clientssl or serverssl profile to that device’s LTM pinning policy. For more information about pinning, refer to the topic titled Managing Object Pinning in BIG-IQ: Security . For more information about deployments, refer to the topic titled Deploying Changes in Managing BIG-IP devices from BIG-IQ.