Installing your SSL: F5 BIG IP

To install your SSL certificate, you will need to do the following:

Installing certificates from the certificate authority

Copy the certificate into each BIG-IP Controller in the redundant configuration. You can configure the accelerator with certificates using the Configuration utility or from the command line.

Install certificates using the Configuration Utility

  • Step 1 of 5

    In the navigation pane, click Proxies.

  • Step 2 of 5

    On the Proxies screen, click the Install SSL Certificate Request tab.

  • Step 3 of 5

    In the Certfile Name box, type the fully qualified domain name of the server with the file extension .crt.

  • Step 4 of 5

    Paste the text of the certificate into the install SSL Certificate window. Make sure you include the following:

    -----BEGIN CERTIFICATE-----

    -----END CERTIFICATE-------

  • Step 5 of 5

    Click the Write Certificate File button to install the certificate.

Install certificates from the certificate authority using the command line

  • Step 1 of 2

    Copy the certificate into the following directory on each BIG-IP Controller in a redundant system:

    /config/bigconfig/ssl.crt/

    Please note: The certificate you receive from us should overwrite the temporary certificate generated by genkey or gencert.

  • Step 2 of 2

    If you used the genkey or gencert utilities to generate the request file, a copy of the corresponding key should already be in the following directory on the BIG-IP Controller:

    /config/bigconfig/ssl.key/

  • Install the intermediate certificate using the command line

    Step 1 of 5

    Copy the intermediate CA certificate into each BIG-IP Controller in a redundant system.

  • Step 2 of 5

    Open the intermediate CA certificate sent to you in the zip file attached to your email with a text editor.

  • Step 3 of 5

    Copy the entire text of the certificate, including the following:

    -----BEGIN CERTIFICATE-----

    -----END CERTIFICATE-------

  • Step 4 of 5

    Paste the text into a text editor and name it intermediate-ca.crt.

  • Step 5 of 5

    Place the intermediate-ca.crt file in the directory:

    /config/bigconfig/ssl.crt/

Please note: The ssl.crt directory is used to store certificates and certificate authorities.

WARNING: In a redundant system, the keys and certificates must be in place on both controllers before you configure the SSL Accelerator. You must do this manually; the configuration synchronization utilities do not perform this function.