Installing your SSL: F5 BIG IP

To install your SSL certificate, you will need to do the following:

Installing certificates from the certificate authority

Copy the certificate into each BIG-IP Controller in the redundant configuration. You can configure the accelerator with certificates using the Configuration utility or from the command line.

Install certificates using the Configuration Utility

1

In the navigation pane, click Proxies.

2

On the Proxies screen, click the Install SSL Certificate Request tab.

3

In the Certfile Name box, type the fully qualified domain name of the server with the file extension .crt.

4

Paste the text of the certificate into the install SSL Certificate window. Make sure you include the following:

-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-------

5

Click the Write Certificate File button to install the certificate.

Install certificates from the certificate authority using the command line

1

Copy the certificate into the following directory on each BIG-IP Controller in a redundant system:

/config/bigconfig/ssl.crt/

Please note: The certificate you receive from us should overwrite the temporary certificate generated by genkey or gencert.

2

If you used the genkey or gencert utilities to generate the request file, a copy of the corresponding key should already be in the following directory on the BIG-IP Controller:

/config/bigconfig/ssl.key/

Install the intermediate certificate using the command line

1

Copy the intermediate CA certificate into each BIG-IP Controller in a redundant system.

2

Open the intermediate CA certificate sent to you in the zip file attached to your email with a text editor.

3

Copy the entire text of the certificate, including the following:

-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-------

4

Paste the text into a text editor and name it intermediate-ca.crt.

5

Place the intermediate-ca.crt file in the directory:

/config/bigconfig/ssl.crt/

Please note: The ssl.crt directory is used to store certificates and certificate authorities.

WARNING: In a redundant system, the keys and certificates must be in place on both controllers before you configure the SSL Accelerator. You must do this manually; the configuration synchronization utilities do not perform this function.

Answer options

Your feedback was successfully added.

Answer tracking

Track

Watch the content of this article for changes.