Ask a Question

Solution ID : SO14908

How to install an EV SSL WebServer Certificate on Big IP F5 9.x

Solution

To install your EV Web Server Certificate on Big IP F5 9.x follow the instructions below:

This document provides instructions for installing Thawte SSL Web Server Certificates. If you are unable to use these instructions for your server, Thawte recommends that you contact either the vendor of your software or an organization that supports Big IP F5 9.x.

Step 1: Obtain the Thawte EV Web Server Intermediate CA certificate

  1. Download the EV Intermediate CA from the following solution: INFO1384
  2. Copy and paste the EV Intermediate CA into a text file and then save the file "EV_intermediate.crt". 
  3. Place the SSLWeb_intermediate.crt file in the directory: /config/ssl/ssl.crt. The full path to the file is: /config/ssl/ssl.crt/EV_intermediate.crt

 Note: In a redundant system, the keys and certificates must be in place on both controllers before you configure the SSL Accelerator. You must do this manually; the configuration synchronization utilities do not perform this function.
 

Step 2: Install the EV Certificate

  1. Download your certificate as per the instruction on the following solution: SO13187
     
  2. Note: Be sure to use Vi or Notepad as word processing programs like Microsoft Notepad may add additional characters that may render the certificate unusable.
     
  3. In the navigation pane, click Proxies.
     
  4. On Proxies screen, click the Install SSL Certificate Request tab. The Install SSL Certificate screen opens.
     
  5.  In the Certfile Name box, enter the fully qualified domain name of the server with the file extension .crt. If you generated a temporary certificate when you submitted a request to Thawte, you can select the name of the certificate from the drop down list. This allows you to overwrite the temporary certificate with the certificate from Thawte.
     
  6. Paste the text of the certificate into the install SSL Certificate window. Make sure you include the BEGIN CERTIFICATE line and the END CERTIFICATE line.
     
  7. Click Write Certificate File to install the certificate. After the certificate is installed, you can continue with the next step in creating an SSL gateway for the server.

Step 3: Establish the trust chain:  The proper Intermediate CA certificate must be set to ensure a complete chain of trust. 

  1. Create the SSL Profile

  2. Select the proper certificate and CA

  3. Open the SSL Profile

  4. Within the Configuration, select Advanced

  5. Select the appropriate certificate for your website

  6. Select the corresponding private key

  7. Within Trusted Certificate Authorities or Chain, select the  Intermediate  named "EV_intermediate"

  8. Save and Close Properties

     

 

NOTE: Please refer to the screenshot of the F5 Big-IP interface

For additional information, please refer to F5's knowledge base solution: SOL6401 - Configuring the BIG-IP to use an SSL chain certificate