Solution ID : SO15238

Install a QuickSSL Premium certificate on F5 Big IP Controller 9.x

Problem

How to install a GeoTrust Trial certificate on F5 Big IP Controller 9.x
How do I install a QuickSSL Premium certificate on F5 Big IP Controller 9.x?

Solution

This document provides installation instructions for Big IP F5 9.x server. If you are unable to use these instructions for your server, GeoTrust recommends that you contact the server vendor or the organization that supports Big IP F5 9.x server.

To install your QuickSSL Premium certificate on Big IP F5 9.x, follow the instructions below:
 
Step 1:  Obtain the GeoTrust DV CA Certificate
 
a) Download the GeoTrust DV CA from the following solution: INFO1421
 
Note: Be sure to use a plain-text editor such as Vi or Notepad, as word processing programs may add additional characters that render the certificate unusable.
 
b) Copy and paste the GeoTrust DV CA into a text file and save as "intermediate.crt"
 
Place the intermediate.crt file in the directory: /config/bigconfig/ssl.crt. The full path to the file is: /config/bigconfig/ssl.crt/intermediate.crt
 
In a redundant system, the keys and certificates must be in place on both controllers before you configure the SSL Accelerator. You must do this manually; the configuration synchronization utilities do not perform this function.
 
 
Step 2:  Install the certificate
 
  1. Download your certificate by following the instructions in the solution that applies to you:
    • GeoTrust Security Center, refer to solution SO22158
    • GeoTrust Enterprise Security Center, refer to solution SO21128
    • GeoTrust User Portal (e.g., certificate purchased through Retail or Partners), refer to solution SO15168
       
  2. In the navigation pane, click Proxies.
     
  3. On the Proxies screen, click the Install SSL Certificate Request tab. The Install SSL Certificate screen opens.
     
  4. In the Certfile Name box, enter the fully qualified domain name of the server with the file extension .crt. If you generated a temporary certificate when you submitted a request to us, you can select the name of the certificate from the drop-down list. This allows you to overwrite the temporary certificate with the certificate received from us.
     
  5. Paste the text of the certificate into the Install SSL Certificate window. Make sure you include the BEGIN CERTIFICATE line and the END CERTIFICATE line.
     
  6. Click Write Certificate File to install the certificate. After the certificate is installed, you can continue with the next step in creating an SSL gateway for the server.
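
The following is an added example, not part of the original GeoTrust instructions: a pre-flight check for the problems named in the Step 1 note and in step 5 above (characters added by a word processor, a missing BEGIN CERTIFICATE or END CERTIFICATE line) that can be run on the text before it is saved or pasted. The function name check_pem and the sample inputs are assumptions made for the example; it checks the PEM wrapper only and does not validate the certificate or its chain.

```python
import base64

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"

def check_pem(data: bytes) -> list:
    """Return the problems found in a pasted PEM certificate (empty list = clean)."""
    problems = []
    if data.startswith(b"\xef\xbb\xbf"):
        problems.append("UTF-8 byte order mark at start of file")
        data = data[3:]
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError as exc:
        # Typical of word processors: curly quotes, long dashes, non-breaking spaces.
        problems.append(f"non-ASCII byte 0x{data[exc.start]:02x} in file")
        return problems
    # Surrounding whitespace and CRLF line endings are tolerated and ignored.
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if BEGIN not in lines:
        problems.append("BEGIN CERTIFICATE line missing or altered")
    if END not in lines:
        problems.append("END CERTIFICATE line missing or altered")
    if problems:
        return problems
    body = "".join(lines[lines.index(BEGIN) + 1:lines.index(END)])
    try:
        der = base64.b64decode(body, validate=True)
    except ValueError:
        problems.append("certificate body is not valid base64")
        return problems
    if not der.startswith(b"\x30"):
        problems.append("decoded body does not start with a DER SEQUENCE")
    return problems

# Constructed sample: a 5-byte DER SEQUENCE standing in for a certificate body.
# It exercises the checks above; it is not a real certificate.
_BODY = base64.b64encode(b"\x30\x03\x02\x01\x01").decode()
GOOD = f"{BEGIN}\n{_BODY}\n{END}\n".encode()
SAMPLES = {
    "clean paste": GOOD,
    "saved with BOM": b"\xef\xbb\xbf" + GOOD,
    "dashes auto-corrected": GOOD.replace(b"-----BEGIN", "\u2014---BEGIN".encode()),
    "END line not copied": GOOD.replace(END.encode(), b""),
    "body damaged": GOOD.replace(_BODY.encode(), b"MAMC*QE="),
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name}: {check_pem(data) or 'OK'}")
```

To check a real file, pass its bytes to check_pem, for example the contents of intermediate.crt read in binary mode.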

Step 3:  Establish the trust chain
 
The proper Intermediate CA certificate must be set to ensure a complete chain of trust.
 
  1. Create the SSL Profile
     
  2. Select the proper certificate and CA
     
  3. Open the SSL Profile
     
  4. Within the Configuration, select Advanced
     
  5. Select the appropriate certificate for your website
     
  6. Select the corresponding private key
     
  7. Within Trusted Certificate Authorities, select the Intermediate named "intermediate.crt"
     
  8. Save and Close Properties

For additional information, please refer to F5's knowledge base solution: SOL6401 - Configuring the BIG-IP to use an SSL chain certificate