0
0



Both Apache and F5 uses x509 pem/crt certificate files for its configurations. You will follow these steps to copy, move and import your files from Apache to F5 system.

Apache systems are very customizable. The directory location and naming of the individual files needed vary depending on your personalized system. Below are generalized instructions. You will have to apply these examples to your own environment. 

We will start by assuming that you have already successfully installed the SSL certificate on one Apache web server.

Step 1: Finding/converting your SSL certificate and key file on Apache:

  1. Referencing the httpd.conf or ssl.conf  file on the Apache system look for the location and directories of the three files necessary on the Apache system that has the installed SSL certificate. “Of course remember your naming’s of these files and their directories MAY differ”
    • SSLCertificateFile /usr/local/ssl/crt/public.crt
      SSLCertificateFile tells Apache how to find the the SSL certificate file.
    • SSLCertificateKeyFile /usr/local/ssl/private/private.key
      SSLCertificateKeyFile tells Apache how to find the private key file.
    • SSLCertificateChainFile /usr/local/ssl/crt/intermediate.crt
      SSLCertificateChainFile
      or SSLCACertificateFile tells Apache the location of the Intermediate file.
      apache

  2. Copy these three files and back them up on a removable media USB drive or an alternate drive directory that can be accessed by the F5 system you are moving to.

Step 2: Importing your SSL certificate, Intermediate, and Private key on your F5 BIG-IP system:
You will perform the next steps in the process on the second F5 BIG-IP system.

  1. Importing your SSL Certificate:
    1. On the Main tab of the navigation pane, expand Local Traffic, and click SSL certificates. This displays the list of certificates installed on the system.
      Note: Some Big IP systems may have this as its navigation instead Navigate to System > File Management > SSL Certificates List.
    2. In the upper-right area of the screen, click Import.
    3. From the Import Type list, select Certificate.
    4. For the Certificate Name setting, click Create New.
    5. In the Certificate Name box, type the name for the certificate.
    6. From the Certificate Source setting, click either Upload File or Paste Text. If you click Upload File, type a file name or click Browse and select the file.
  2. Importing your Private key:
    1. Back under SSL certificates in the upper-right area of the screen, click Import.
    2. From the Import Type list, select Key.
    3. For the Key Name setting, click Create New.
    4. In the Key Name box, type a name for the key.
    5. From the Key Source setting, click either Upload File or Paste Text. If you click Upload File, type a file name or click Browse and select the file.
  3. Importing your CA Intermediate Certificate:
    1. Back under SSL certificates in the upper-right area of the screen, click Import.F5 BigIP
    2. Under Import Type, choose Certificate, then Create New.
    3. Specify a name for this intermediate CA.
    4. Browse to the Intermediate CA .crt file that you created from step 1 of these instructions, click Open. Alternatively you can also paste the Intermediate CA into the field it provides by selecting Paste Text.
    5. Click Import.
      F5 BigIP

Step 3: Configuring the your Loadbalancer:

  1. Create or open the SSL profile that you will be using with the SSL certificate.
  2. Click on Advanced from the drop-down menu, under the Configuration window.
  3. Select the new SSL certificate public/private key pair.
  4. Under the Chain section, browse for the intermediate CA certificate and click on Save and Exit.

Your F5 BigIP loadbalancer is now configured with your SSL certificate

If you are unable to use these instructions for your server, Acmetek recommends that you contact either the vendor of your software or the organization that supports it.

F5 Support

For more information reference F5

LoadingAdd to favorites


About SSLSupportDesk:

SSLSupportDesk is part of Acmetek who is a trusted advisor of security solutions and services. They provide comprehensive security solutions that include Encryption & Authentication (SSL), Endpoint Protection, Multi-factor Authentication, PKI/Digital Signing Certificates, DDOS, WAF and Malware Removal. If you are looking for security look no further. Acmetek has it all covered!

Contact an SSL Specialist to get a consultation on the Website Security Solutions that can fit your needs.

Become a Partner and create additional revenue stream while the heavy lifting for you.