Ask a Question

General Information ID : INFO1995

Certificate Signing Request (CSR) Generation Instructions for F5 BIG-IP version 11.x

Description


This document provides CSR generation instructions for F5 BIG IP version 11.x. If this document can not be used on the server, RapidSSL recommends contacting the server vendor or the organization, which supports F5.

NOTE: As of 1/1/2016 all public certificates must be issued as SHA-256 with at least a 2048 bit key size.  Starting from BIG-IP version 11.5.0, the default algorithm used to generate a CSR is SHA-256.

To create a new Certificate Signing Request, perform the steps below:

  1. Log in to the Configuration Utility
  2. On the left panel, navigate to System > File Management
  3. Choose SSL Certificate List
  4. Click Create
  5. Fill the form to generate the CSR



    - Name: Give a name for the SSL Certificate which will be the name displayed within Big IP. The name should not have any spaces.
    - Issuer: Click on the drop-down and select Certificate Authority.
    - Common name: FQDN (fully-qualified domain name) of the server (Example, www.rapidssl.com or for wildcard certificate *.rapidssl.com).
    - Division: This is also referred as the Organizational Unit.
    - Organization: Use the legally registered organization or business name that your company operates as.
    - Locality, State or Province, Country: City, state, and country where the organization is located. Do not abbreviate the state or province.
    - E-mail Address: Contact email address.  It is not recommended to include an email address in the CSR.
    - Subject Alternative Name: Please leave this field blank as RapidSSL does not support custom SANs.
    - Challenge Password, Confirm Password: Do not enter a challenge password. Leave the challenge password blank.
    - Key Size: The key size must be 2048 or 4096 bits for all SSL Certificates.
  6. Click Finished
  7. Verify your CSR

    Copy the CSR (including the BEGIN and END tags) as seen below:

               -----BEGIN CERTIFICATE REQUEST-----
                  
                           [encoded data]

               -----END CERTIFICATE REQUEST-----

  8. Proceed with the enrollment and paste the CSR in the required field.         


Contact Information

During the verification process, RapidSSL may need to contact your organization.  Be sure to provide an email address, phone number and fax number that will be checked and responded to quickly. These fields are not part of the certificate.
 

Once the SSL Certificate has been issued, refer to this link for installation instructions.


F5 Support

For additional information, refer to F5's KB solution: SOL14620