To generate a Certificate Signing Request (CSR), a key pair must be created for the server. These two items are a public/private key pair and cannot be separated. If the public/private key file or password is lost or changed before the SSL certificate is installed, the SSL certificate will need to be re-issued. The private key, CSR and certificate must all match in order for the installation to be successful.
To create a new CSR for your F5 FirePass controller perform the steps below:
Step 1: Generating your CSR & Privatekey:
- Open the Admin Console.
- Click Server.
- Click Security.
- Select the Certificate link.
- Select Generate a New Certificate Request.
- Specify the following information:
- Server Name: FQDN (fully-qualified domain name) of the server (e.g., www.domain.com, mail.domain.com, or for wildcard certificate *.domain.com). IP’s are not accepted for enrollment of a CA SSL Certificate
- Country Name: City, state, and country where the organization is located. Do not abbreviate.
- State: State, or Province where the organization is located. Do not abbreviate.
- City: City where the Organization is located. do not abbreviate.
- Company: The full legal name of the organization.
- Organizational Unit:A department name, such as ‘Information Technology’.
- Contact Email: Your email.
- Expiration: This can be ignored. The CA specifies the time interval during which the signed certificate is valid. This can be ignored.
- In the Encryption Password and Confirm Password boxes, type the password for the FirePass controller to use to encrypt the generated private key. A password must be at least four characters long.
Note: Make a note of the password you specify; you will need this password when you install the signed certificate.
- Click Generate Request.
- Click the here link to download the CSR
- Download the Certificate Request file. It should be in ZIP format and will contain the CSR and the private key. Unzip the files and store the new.key private key in a secure location you will need it for installation.
- Open the newcert.csr CSR file in a text editor to access the CSR. you will be required to copy and paste the entire CSR during enrollment of a SSL Certificate.
You have generated your CSR for F5 FirePass and can now proceed with enrollment
If you are unable to use these instructions for your server, Acmetek recommends that you contact either the vendor of your software or the hosting organization that supports it.
For more information refer to F5