F5 BigIP 11 – SSL Installation

Like the majority of server systems you will install your SSL certificate on the same server where your Certificate Signing Request (CSR) was created. Your private key will always be left on the server system where the CSR was originally created. Your SSL certificate will not work without this private key file. We will assume that this is the original system.

To Install your SSL certificate on F5 BigIP loadbalancer perform the following.

Step 1: Downloading your SSL Certificate & its Intermediate CA certificate:

1. If you had the option of server type during enrollment and selected Other you will receive a x509/.cer/.crt/.pem version of your certificate within the email. Alternately you can access your Certificate User Portal by the supplied link in the email to pick up the x509 version of your certificate.
2. Copy the SSL certificate and make sure to copy the —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—– header and footer Ensure there are no white spaces, extra line breaks or additional characters.
3. Use a plain text editor such as Notepad, paste the content of the certificate and save it with extension .crt. Alternately F5 BigIP also gives you the capability to copy and paste your certificates for installation.
4. If your intermediate CA certificate for your product is not in the body of the email you can access your Intermediate CA also in a link within that email. Copy and paste the contents of your Intermediate CA into its own Notepad file and save it with a .crt extension also.
   Note: Some CAs may require two intermediates for best compatibility. These two are to be copied within their own corresponding .crt files and installed one at a time in a repeated process for intermediate installation.

Step 2: Importing your SSL certificate:

1. Launch the F5 BigIP management console
2. Under Local Traffic select SSL Certificates.
3. Click on the name you assigned to the certificate under General Properties while Back when you created the CSR for this certificate.
4. Browse to the your_domain_name.crt SSL certificate file. and then Click Open. Alternatively you can also paste your SSL certificate into the field it provides by selecting Paste Text.
5. Click Import.
   

Step 3: Importing your CA Intermediate Certificate:

1. In the F5 BIGIP management console, choose Local Traffic, then SSL Certificates, and then click Import.
2. Under Import Type, choose Certificate, then Create New.
3. Specify a name for this intermediate CA.
4. Browse to the Intermediate CA .crt file that you created from step 1 of these instructions, click Open. Alternatively you can also paste the Intermediate CA into the field it provides by selecting Paste Text.
5. Click Import.

Step 4: Configuring the your Loadbalancer:

1. Create or open the SSL profile that you will be using with the SSL certificate.
2. Click on Advanced from the drop-down menu, under the Configuration window.
3. Select the new SSL certificate public/private key pair.
4. Under the Chain section, browse for the intermediate CA certificate friendly name that you chose during Step 3 and click on Save and Exit.
   Your F5 BigIP loadbalancer is now configured with your SSL certificate

If you are unable to use these instructions for your server, Acmetek recommends that you contact either the vendor of your software or the organization that supports it.

F5 Support

For more information reference F5