To install your Thawte Certificate on Big IP F5 9.x follow the instructions below:
This document provides instructions for installing Thawte Certificates. If you are unable to use these instructions for your server, Thawte recommends that you contact either the vendor of your software or an organization that supports Big IP F5 9.x.
Step 1: Obtain the Thawte Intermediate CA certificate
- Download the Thawte Intermediate CA from the following solution: INFO1384
- Copy and paste the Thawte Intermediate CA into a text file and then save the file "intermediate.crt".
Place the intermediate.crt file in the directory: /config/bigconfig/ssl.crt. The full path to the file is: /config/bigconfig/ssl.crt/intermediate.crt
In a redundant system, the keys and certificates must be in place on both controllers before you configure the SSL Accelerator. You must do this manually; the configuration synchronization utilities do not perform this function.
Step 2: Install the Thawte SSL123 Certificate
- Download your certificate as per the instruction on the following solution: SO13187
- Note: Be sure to use Vi or Notepad as word processing programs like Microsoft Notepad may add additional characters that may render the certificate unusable.
- In the navigation pane, click Proxies.
- On Proxies screen, click the Install SSL Certificate Request tab. The Install SSL Certificate screen opens.
- In the Certfile Name box, enter the fully qualified domain name of the server with the file extension .crt. If you generated a temporary certificate when you submitted a request to Thawte, you can select the name of the certificate from the drop down list. This allows you to overwrite the temporary certificate with the certificate from Thawte.
- Paste the text of the certificate into the install SSL Certificate window. Make sure you include the BEGIN CERTIFICATE line and the END CERTIFICATE line.
- Click Write Certificate File to install the certificate. After the certificate is installed, you can continue with the next step in creating an SSL gateway for the server.
Step 3: Establish the trust chain: The proper Intermediate CA certificate must be set to ensure a complete chain of trust.
- Create the SSL Profile
- Select the proper certificate and CA
- Open the SSL Profile
- Within the Configuration, select Advanced
- Select the appropriate certificate for your website
- Select the corresponding private key
- Within Trusted Certificate Authorities or Chain, select the Intermediate named "EV_intermediate"
- Save and Close Properties
NOTE: Please refer to the screenshot of the F5 Big-IP interface
For additional information, please refer to F5's knowledge base solution: SOL6401 - Configuring the BIG-IP to use an SSL chain certificate
Step 4: Test the certificate installation:
To verify if your certificate is installed correctly, use the Thawte Installation Checker