F5 Logo MyF5
Search
  1. MyF5 Home
  2. Knowledge Centers
  3. F5 SSL Orchestrator
  4. SSL Orchestrator: Setup
  5. Installing and Configuring the System for F5 SSL Orchestrator
Manual Chapter : Installing and Configuring the System for F5 SSL Orchestrator

Applies To:

Show Versions Show Versions

F5 SSL Orchestrator

  • 14.0.0
Manual Chapter
Table of Contents | << Previous Chapter | Next Chapter >>

Installing and Configuring the System for F5 SSL Orchestrator

Overview: Installing and Configuring the system for F5 SSL Orchestrator

To install the F5 BIG-IP SSL Orchestrator 14.0.0-4.0, and you do not have an existing SSL Orchestrator add-on license or previous version of SSL Orchestrator installed, see the complete step-by-step installation instructions in BIG-IP Systems: Upgrading Software guide. The SSL Orchestrator 4.0 RPM image is packaged with the F5 BIG-IP 14.0.0 image.

To upgrade to the newest version of SSL Orchestrator from a previous version of SSL Orchestrator, or you have an existing add-on license, follow the recommended upgrade steps in the Upgrading from a previous version of SSL Orchestrator sections. Previously deployed SSL Orchestrator configurations cannot be rolled forward or imported into the new version of SSL Orchestrator. Following the recommended upgrade procedure will assist you in exporting any deployed configurations to your system as a reference for newly configured deployments in the new version and prepare your system for a clean installation.
Note: For more information on upgrading to the newest version of SSL Orchestrator, see the SSL Orchestrator Installation and Upgrade video.
Note: If you do not export and undeploy your previous SSL Orchestrator deployments, as well as uninstall your previous version of the application, SSL Orchestrator will guide you through each step and assist in exporting any previously deployed configurations and cleaning your system for a new installation.
Note: If you are implementing a high availability environment for SSL Orchestrator, review the Setting up SSL Orchestrator in a High Availability Environment section for more detailed information.

Upgrading from a previous version of F5 SSL Orchestrator

To follow the upgrade workflow, make sure you have SSL Orchestrator versions 13.1.0-3.0 and 13.0.0-2.3 which contain export functionality.

F5 recommends you follow the workflow shown below when upgrading to the newest version of SSL Orchestrator from a previous version.

Note:

If you do not follow the F5 recommended upgrade procedure, or are upgrading from a version prior to 13.1.0-3.0 and 13.0.0-2.3, SSL Orchestrator will guide you through the upgrade scenario, providing warning messages and links to required tasks, as it assist you in activating and provisioning your newly installed resource.

  • Export currently deployed SSL Orchestrator configurations
  • Undeploy your currently deployed SSL Orchestrator application
  • Uninstall SSL Orchestrator
  • Install the new BIG-IP 14.0.0 ISO image
  • Boot into the new partition and activate the upgrade installation
  • Provision the newly activated resource

Exporting currently deployed F5 SSL Orchestrator configurations

Before you begin, make sure you are using SSL Orchestrator versions 13.0.0-2.3 and 13.1.0-3.0 which contain export functionality. SSL Orchestrator versions prior to those releases do not contain the export functionality.

By exporting previously successful deployment configurations as JSON files, you can examine their configuration settings prior to new deployments with SSL Orchestrator. This is recommended because SSL Orchestrator deployments configured in versions prior to 14.0.0-4.0 cannot be imported and used in the 14.0.0-4.0 version.

  1. Log in to SSL Orchestrator version 13.0.0-2.3 or 13.1.0-3.0.
  2. On the Main tab, click SSL Orchestrator > Configuration .
  3. On the menu bar, click Settings > Export Configs to view the export configuration settings. The Export Configurations screen opens.
    Note: If you do not have any previously saved deployments, no information displays.
  4. In the Export Configurations table, select a previously deployed configuration.
  5. Click Export.
    A dialog box pop-up opens showing the JSON configuration information to be exported and asks Do you wish to export the current SSL Orchestrator Configuration settings to a .json file?
  6. To export the current SSL Orchestrator settings into a JSON export file, click OK, or click Cancel to stop the export process.
  7. Type the file name of the JSON file to export.
  8. Click OK.
The configuration information you selected to export is downloaded to your local system as a JSON file for later use as a reference to your previous deployments. You are now ready to undeploy your SSL Orchestrator configuration.

Undeploying your currently deployed F5 SSL Orchestrator application

To undeploy your currently deployed configuration, do the following:

  1. On the Main tab, click SSL Orchestrator > Configuration . The General Properties screen opens.
  2. Click Undeploy.
Your entire SSL Orchestrator configuration is now removed from your system and you are ready to uninstall your SSL Orchestrator application.

Uninstalling F5 SSL Orchestrator

To uninstall your SSL Orchestrator application, do the following:

  1. On the Main tab, click SSL Orchestrator > Updates . The Updates screen opens.
  2. Under the Version field, click Uninstall.
  3. Click OK.
    Note: Do not click on any link underneath the SSL Orchestrator tab after you click OK or the system will automatically reinstall.
Your application is now removed from your system and you are ready to install the new BIG-IP 14.0.0 ISO image.

Installing the new BIG-IP 14.0.0 ISO image

The latest version of SSL Orchestrator (4.0) is included with the BIG-IP 14.0.0 ISO image. When you install the F5 BIG-IP 14.0.0 ISO image, the BIG-IP system installs the configuration of the currently active boot location on the target installation location.

If you have not already done so, download BIG-IP SSL Orchestrator:

  1. Go to https://downloads.f5.com and click Downloads. The Downloads Overview screen opens.
  2. Click Find a Download. The Select a Product Line screen opens.
  3. In the F5 Product Family column, find the Security section.
  4. In the Product Line column, click SSL Orchestrator. The Select a Product Version and Container for SSL Orchestrator screen opens.
  5. Select 14.0.0 from the list of BIG-IP version numbers and then click SSL Orchestrator. The Software Terms and Conditions screen opens.
  6. Click I Accept. The Select a Download screen appears.
  7. Click the appropriate filename to download BIG-IP SSL Orchestrator.
  8. To install BIG-IP SSL Orchestrator, on the Main tab, click System > Software Management > Image List . The Images List screen opens.
  9. From the Available Images section, select the check box next the to BIG-IP 14.0.0 ISO image.
  10. Click Install. The Install Software Image pop-up screen opens.
  11. In the Volume set name list, type a Boot Location name or number.
  12. Click Install. The Images List screen opens.
    Note: If necessary, click the browser Refresh button if the BIG-IP version 14.0.0 image does not appear in the Installed Images list.
  13. The BIG-IP installation is complete once the Install Status column for version 14.0.0 indicates complete.
You are now ready to boot into the new partition and activate the newly installed version of SSL Orchestrator.
Note: For complete step-by-step installation and upgrade instructions for BIG-IP, see the BIG-IP Systems: Upgrading Software document.

Booting into the new partition and activating the upgrade installation

To upgrade SSL Orchestrator to 14.0.0-4.0 when your system is partitioned with both 14.0.0-4.0 and a previous version, do the following:

  1. On the Main tab, click System > Software Management > Boot Locations . The Boot Locations screen appears.
  2. Click the Boot Location name you created in the Boot Location column for BIG-IP 14.0.0. The General Properties screen opens.
  3. Click Activate.
  4. Click OK.
Your newly changed system will reboot the BIG-IP device as it switches partition to the newest version.

Provisioning the newly activated resource

Your newly installed BIG-IP SSL Orchestrator must now be provisioned. After your system reboots, do the following:

  1. Use your previous SSL Orchestrator Username and Password to sign in. Click Log in. The Welcome screen opens.
  2. On the Main tab, click SSL Orchestrator > Updates . A warning message appears:
    SSL Orchestrator (SSLO) is not provisioned. Navigate to System > Resource Provisioning to provision the system.
    Note: If you click on any SSL Orchestrator menu item you will see the same warning message appear.
  3. Click the message link System > Resource Provisioning . The Resource Provisioning screen opens.
  4. In the Module column, locate SSL Orchestrator (SSLO) and select the check box in the Provisioning column. The Provisioning column will change from None to Nominal.
  5. Click Submit.
  6. Click OK. Your newly changed system will reboot the BIG-IP device as it provisions SSL Orchestrator.
  7. Click Continue.
  8. On the Main tab, click SSL Orchestrator > Updates . The Updates screen opens.
    Note: The SSL Orchestrator Version field will be blank.
  9. From the Install Method list, select the OnBox RPM file name.
  10. Click Install. The SSL Orchestrator Deployment Settings screen opens.
  11. To verify your newly installed and provisioned SSL Orchestrator version, on the Main tab, click SSL Orchestrator > Updates .
  12. The SSL Orchestrator Version field displays the newly installed and provisioned version number.
A new version of F5 BIG-IP SSL Orchestrator has been successfully installed and provisioned and you are ready to begin setting up a basic SSL Orchestrator deployment. Refer to the Setting Up an F5 SSL Orchestrator Basic Deployment section.
Note: If you do not follow the F5 recommended upgrade procedure, SSL Orchestrator will guide you through the upgrade scenario, providing warning messages and links to required tasks, as it assist you in activating and provisioning your newly installed resource.

Using the F5 SSL Orchestrator setup utility

Before you begin, make sure you set up a management IP address, netmask, and default routing on your system and that you have no license currently installed.
Note: If your BIG-IP configuration is not carried forward to your upgraded or newly installed partition for any reason, the F5® SSL Orchestrator™ Setup Utility may open. Follow the steps found in this section to complete the Setup Utility details.
Note: If at any time during your configuration you need to return to the SSL Orchestrator Setup Utility, simply click the F5 logo in the upper-left corner of the configuration utility, and on the Welcome screen, click the Run the Setup Utility link.
Note: Fields marked with a blue ribbon are required fields that must be completed before you can finish a task.
The SSL Orchestrator setup utility guides you through the basic, minimal setup configuration for SSL Orchestrator.
  1. On the Welcome screen, click Next.
  2. On the License screen, click Activate.
  3. In the Base Registration Key field, paste your SSL Orchestrator base license registration key and click Next.
  4. On the EULA screen, click Accept.
    The license activates and the system reboots for the configuration changes to take effect.
  5. After the system reboots, click Continue. The Resource Provisioning screen opens.
    Note: If you want to validate the installed license and the active and optional modules before proceeding, click Setup Utility > License . The License screen opens. Click Next to return to the Resource Provisioning screen.
  6. On the Resource Provisioning screen, an Informational message indicates that the selected modules are recommended for your current, active license.
  7. You may modify the selections as needed based on additional licenses that need to be recognized during provisioning.
  8. Click Next to indicate you accept the module setup and then click OK to provision the selected modules.
    Note: Reprovisioning may restart daemons or reboot the system causing lost connects.
  9. Click Continue. The Device Certificates screen opens where you can review Certificate Properties.
  10. Click Next. The Platform screen opens.
    You may also click Renew to launch a Device Certificates screen where you can make edits to the various fields.
  11. In the Host Name field, type the host name (example: bigip.f5.com).
  12. In the Root Account and Admin Account fields, type a respective password and then confirm it.
  13. Click Next.
  14. Click OK.
    Note: Since you have updated your password, you will be logged out. You must log in again with your new password before continuing.
  15. Log back in by typing your new password and click Log in. The Network Time Protocol NTP Configuration screen opens.
  16. Click Next. The Domain Name Server DNS Configuration screen opens.
  17. Click Next. The Forward Proxy Certificate screen opens.
  18. On the Forward Proxy Certificate screen, do the following to provide Forward Proxy Certificate and Key Source details.
    • In the Certificate Name field, maintain the default New radio button and type a name for the certificate (example: newCert).
    • In the Certificate Source field, maintain the default Upload File radio button and click Choose File. Select a certificate file from your local system and click Open.
    • In the Key Source field, maintain the default Upload File radio button and click Choose File. Select a key file from your local system and click Open.
    • In the Security Type field, maintain the Normal default setting.
  19. Click Finish.
You are now ready to proceed to the next part of the configuration where you follow additional recommendations to configure an SSL Orchestrator deployment. Refer to the Setting up an F5 SSL Orchestrator Basic Deployment section.

Undeploying your F5 SSL Orchestrator configuration

To undeploy your currently deployed configuration, do the following:

  1. On the Main tab, click iApps > Application Services > Application LX to determine if other deployed SSL Orchestrator applications from a previous version of SSL Orchestrator are still present on your system. The Application Service List screen appears.
  2. In the Status column, select the SSL Orchestrator application you wish to undeploy.
    Note: The Status column colors indicate the status of the application service that uses the associated iApp template.
    • Green circle: Indicates a successfully deployed application based on the associated iApp template. That also means that all data entered into the associated template's Questions and properties fields was successfully included.
    • Grey circle: Indicates an application that is not deployed, but is ready to deploy.
    • Red square: Indicates an application that did not completely deploy because of an error in the iApp template, so the application cannot be deployed.
  3. Click Undeploy.
Your selected configuration is now removed from your system and you are ready to uninstall your SSL Orchestrator application.

Cleaning up deployed applications

To cleanup and remove deployed applications so to create a new deployment, do the following:

  1. On the Main tab, click SSL Orchestrator > Updates. . The Updates screen appears.
  2. In the Applications field, select the deployed applications you wish to cleanup.
    Some check boxes, when selected, will auto-select other applications that are dependent on the parent application selected. Those application check boxes will appear greyed out and will not be able to be selected or deselected.
  3. Click Cleanup. A message appears under the cleanup button indicating your application name is being deleted.
Once the cleanup is complete, you can proceed to the Deployment Settings screen where you can create a new deployment. See the Setting Up an F5 SSL Orchestrator Basic Deployment chapter for F5's recommended basic deployment workflow and detailed steps.
Table of Contents | << Previous Chapter | Next Chapter >>
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5 Networks, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information