Manual Chapter : Create a self-signed certificate on BIG-IQ for your managed devices

Applies To:

BIG-IQ Centralized Management

  • 8.4.0

Create a self-signed certificate on BIG-IQ for your managed devices

Create a self-signed SSL certificate and key pair on BIG-IQ Centralized Management so you can centrally manage it. This saves you time because you don’t have to log on to individual BIG-IP devices to create, monitor, or deploy certificates.

  1. At the top of the screen, click Configuration.

  2. On the left, click LOCAL TRAFFIC > Certificate Management > Certificates & Keys.

  3. Click the Create button.

  4. In the Name field, type a name for this certificate.

  5. If the partition is anything other than Common, type it into the Partition field.

  6. From the Issuer list, select Self.

  7. Complete the details for this certificate.

    Note: A Subject Alternative Name (SAN) is embedded in the certificate as an X.509 extension. Supported names include email, DNS, URI, IP, and RID. For the Subject Alternative Name field, use the format of a comma-separated list of name:value pairs.

  8. In the Key Properties area, select the key type and size.

  9. If the key is encrypted, from the Key Security Type list, select Password and type the password for the key in the Key Password field.

    Important: If you select Normal, BIG-IQ stores the key unencrypted, which can put your data at risk.

  10. In the Password and Confirm Password fields, type and confirm the password for this key pair.

  11. Click the Save & Close button.

The certificate displays in the Certificates & Keys list.

You can now assign this SSL certificate and key pair to a Local Traffic Manager clientssl or serverssl profile. Before you deploy it to a BIG-IP device, you must add the clientssl or serverssl profile to that device’s LTM pinning policy. For more information about pinning, refer to the topic titled Managing Object Pinning in BIG-IQ: Security. For more information about deployments, refer to the topic titled Deploying Changes in Managing BIG-IP devices from BIG-IQ.
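The Subject Alternative Name format from the note in step 7 can be checked before you type it into the form. The following Python sketch is an added example, not F5 code and not BIG-IQ's own validation. It assumes name types are matched case-insensitively, applies generic syntax checks per type, and uses constructed sample values.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Name types the page lists as supported (case-insensitive match is an assumption).
SUPPORTED = {"email", "dns", "uri", "ip", "rid"}
_DNS_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
_OID = re.compile(r"^[0-2](\.\d+)+$")  # RID is a dotted object identifier

def _valid_dns(value):
    name = value[2:] if value.startswith("*.") else value  # allow one leading wildcard
    return 0 < len(name) <= 253 and all(_DNS_LABEL.match(l) for l in name.split("."))

def _valid_ip(value):
    try:
        ipaddress.ip_address(value)  # accepts IPv4 and IPv6
        return True
    except ValueError:
        return False

def _valid_email(value):
    local, sep, domain = value.rpartition("@")
    return bool(sep and local and _valid_dns(domain))

def _valid_uri(value):
    parts = urlparse(value)
    return bool(parts.scheme and parts.netloc)

CHECKS = {"dns": _valid_dns, "ip": _valid_ip, "email": _valid_email,
          "uri": _valid_uri, "rid": lambda v: bool(_OID.match(v))}

def check_san_field(field):
    """Return (entries, errors) for a comma-separated list of name:value pairs."""
    entries, errors = [], []
    for raw in field.split(","):
        item = raw.strip()
        # Split on the first colon only: URIs and IPv6 addresses contain colons.
        name, sep, value = (part.strip() for part in item.partition(":"))
        if not sep or not value:
            errors.append(f"{item!r}: expected name:value")
        elif name.lower() not in SUPPORTED:
            errors.append(f"{item!r}: unsupported name type {name!r}")
        elif not CHECKS[name.lower()](value):
            errors.append(f"{item!r}: value is not a valid {name}")
        else:
            entries.append((name, value))
    return entries, errors

# Constructed sample input using documentation-reserved names and addresses.
SAMPLE = "DNS:app.example.com, IP:192.0.2.10, IP:2001:db8::1, email:ops@example.com"
if __name__ == "__main__":
    print(check_san_field(SAMPLE))
```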