Ask a Question

Solution ID : SO15239

Last Modified : 05/02/2018

Install a certificate on F5 Big IP Controller 9.x

Problem

How do I install a GeoTrust SSL certificate on F5 Big IP Controller 9.x
How do I install a Wildcard certificate on F5 Big IP Controller 9.x

Solution

This document provides installation instructions for F5 Big IP Controller 9.x server. If you are unable to use these instructions for your server, GeoTrust recommends that you contact the server vendor or the organization, which supports F5 Big IP Controller 9.x.
 

To install your certificate on Big IP F5 9.x, follow the instructions below:
 
This document provides instructions for installing certificates. If you are unable to use these instructions for your server, we recommend that you contact either the vendor of your software or an organization that supports Big IP F5 9.x server.
 
 
Step 1: Obtain the GeoTrust Intermediate CA Certificate
 
 
Note: Be sure to use Vi or Notepad as word processing programs like Microsoft Notepad may add additional characters that may render the certificate unusable.
 
b) Copy and paste the GeoTrust Intermediate CA Certificate into a text file and save as "intermediate.crt"
 
Place the intermediate.crt file in the directory: /config/bigconfig/ssl.crt. The full path to the file is: /config/bigconfig/ssl.crt/intermediate.crt
 
In a redundant system, the keys and certificates must be in place on both controllers before you configure the SSL Accelerator. You must do this manually; the configuration synchronization utilities do not perform this function.
 
 
Step 2: Install the certificate
  1. Download your certificate as per the instruction on the following solutions.
     
  2. In the navigation pane, click Proxies.
     
  3. On Proxies screen, click the Install SSL Certificate Request tab. The Install SSL Certificate screen opens.
     
  4. In the Certfile Name box, enter the fully qualified domain name of the server with the file extension .crt. If you generated a temporary certificate when you submitted a request to us, you can select the name of the certificate from the drop down list. This allows you to overwrite the temporary certificate with the certificate received from us.
     
  5. Paste the text of the certificate into the install SSL Certificate window. Make sure you include the BEGIN CERTIFICATE line and the END CERTIFICATE line.
     
  6. Click Write Certificate File to install the certificate. After the certificate is installed, you can continue with the next step in creating an SSL gateway for the server.
     
Step 3: Establish the trust chain:  The proper Intermediate CA certificate must be set to ensure a complete chain of trust.
 
  1. Create the SSL Profile
     
  2. Select the proper certificate and CA
     
  3. Open the SSL Profile
     
  4. Within the Configuration, select Advanced
     
  5. Select the appropriate certificate for your website
     
  6. Select the corresponding private key
     
  7. Within Chain or Trusted Certificate Authorities, select the  Intermediate  named "intermediate.crt"
     
  8. Save and Close Properties

For additional information, please refer to F5's knowledge base solution: SOL6401 - Configuring the BIG-IP to use an SSL chain certificate