sslsd-logo

How to move SSL Certificate from F5 BIG-IP to F5 BIG-IP Loadbalancers

Like all systems You need both the public key and private keys for an SSL certificate to work properly on any system.  We will start by assuming that you have already successfully installed the SSL certificate on one F5 BIG-IP web server.

To backup, export, and move your SSL certificate and private key from one F5 BIG-IP system to another F5 BIG-IP system perform the following.

Step 1: Exporting your SSL certificate and Private key:
You will perform the first steps in the process on the F5 BIG-IP system that already has the SSL certificate and Private key installed.

Exporting your SSL certificate:

  1. Log in to your F5 BIP-IP Configuration utility.
  2. On the Main tab of the navigation pane, expand Local Traffic and click SSL certificates. This displays a list of certificates installed on the system.
    Note: Some Big IP systems may have this as its navigation instead Navigate to System > File Management > SSL Certificates List.
  3. Click the desired certificate name that is for your SSL certificate.
  4. Click Export.
  5. On the Certificate Export screen, click Download.

Exporting your CA Intermediate certificate:
Note:
Some CA require a Intermediate CA certificate to be installed with the SSL certificate this is responsible to aiding the SSL certificates Trust.If it is not already installed on this system then you may have to seek the support of your Certificate Authority for it for installation.

  1. Back under the SSL Certificates List.
  2. Click the desired certificate name that is for your this SSL certificate.
  3. Click Export.
  4. On the Certificate Export screen, click Download.

Exporting your Private key:

  1. Back under the SSL Certificates List.
  2. Click the desired certificate name.
  3. Select the Key tab at the top of the page.
  4. Click Export.
  5. On the Certificate Export screen, click Download.

You have successfully exported your SSL certificate and private key. You will move these two files to your second system.

Step 2: Importing your SSL certificate and Private key on your second F5 BIG-IP system:
You will perform the next steps in the process on the second F5 BIG-IP system.

Importing your SSL Certificate:

  1. On the Main tab of the navigation pane, expand Local Traffic, and click SSL certificates. This displays the list of certificates installed on the system.
    Note: Some Big IP systems may have this as its navigation instead Navigate to System > File Management > SSL Certificates List.
  2. In the upper-right area of the screen, click Import.
  3. From the Import Type list, select Certificate.
  4. For the Certificate Name setting, click Create New.
  5. In the Certificate Name box, type the name for the certificate.
  6. From the Certificate Source setting, click either Upload File or Paste Text. If you click Upload File, type a file name or click Browse and select the file.

Importing your Private key:

  1. Back under SSL certificates in the upper-right area of the screen, click Import.
  2. From the Import Type list, select Key.
  3. For the Key Name setting, click Create New.
  4. In the Key Name box, type a name for the key.
  5. From the Key Source setting, click either Upload File or Paste Text. If you click Upload File, type a file name or click Browse and select the file.

Importing your CA Intermediate Certificate:

  1. Back under SSL certificates in the upper-right area of the screen, click Import.F5 BigIP
  2. Under Import Type, choose Certificate, then Create New.
  3. Specify a name for this intermediate CA.
  4. Browse to the Intermediate CA .crt file that you created from step 1 of these instructions, click Open. Alternatively you can also paste the Intermediate CA into the field it provides by selecting Paste Text.
  5. Click Import.
    F5 BigIP

Step 4: Configuring the your Loadbalancer:

  1. Create or open the SSL profile that you will be using with the SSL certificate.
  2. Click on Advanced from the drop-down menu, under the Configuration window.
  3. Select the new SSL certificate public/private key pair.
  4. Under the Chain section, browse for the intermediate CA certificate and click on Save and Exit.

Your F5 BigIP loadbalancer is now configured with your SSL certificate

If you are unable to use these instructions for your server, Acmetek recommends that you contact either the vendor of your software or the organization that supports it.

F5 Support

For more information reference F5

Recent Posts

S/MIME for Outlook O365 Windows

Add to Favorites S/MIME Advantages of S/MIME Certificates S/MIME (Secure/Multipurpose Internet Mail Extensions) certificates offer several advantages when it comes to securing email communications. Here

Read More »

Abbreviations

Add to Favorites There are literally thousands of IT abbreviations out there. Many are concerned with the technical aspects of the computer, while others deal

Read More »

SSL Installation on Qmail

Add to Favorites SSL Installation on Qmail Qmail is a secure, reliable, efficient, simple message transfer agent. It is designed for typical Internet-connected UNIX hosts.

Read More »