Ask a Question

Advanced Search

Solution ID : SO16517

Last Modified : 05/02/2018

Managed PKI for SSL - Installation Instructions for F5 BIG-IP version 11.x

Solution

This document provides installation instructions for F5 BIG IP 11.x. If you are not able to perform the steps on your server, Symantec recommends to contact the server vendor or the organization, which supports F5.

Step 1: Obtain the SSL Certificate

  1. Once your Managed PKI for SSL administrator has approved the Certificate request, the Symantec certificate will be sent by email. The certificate is available as a download link, an attachment (Cert.cer), and pasted at the bottom of the email body.
  2. If copying the certificate in the body of the email, paste it into a text file using Vi or Notepad.
    NOTE: Do not use Microsoft Word or other word processing programs that may add characters.  Confirm that there are no extra lines or spaces in the file.

    The text file should look like:
    -----BEGIN CERTIFICATE-----
              [encoded data]
    -----END CERTIFICATE-----

    Click here to download the certificate from your Managed PKI for SSL subscriber services page.
    Please select X.509 as a certificate format and copy only the End Entity Certificate.
  3. Save the certificate as certificate.pem.


Step 2:  Install the SSL Certificate

  1. On the left panel, navigate to System >  File Management.
  2. Choose SSL Certificate List.
  3. From the list, click on the pending request (the label from when you generated the CSR).
  4. Click on Import.


     
  5. Click Upload file.
  6. Click on Browse.
  7. Locate the SSL certificate file then click OK.
  8. Click on Import.


     

Step 3:  Download and Import Symantec Intermediate CA certificate 

  1. Download the Intermediate CA certificate from this link.
  2. Click on the Managed PKI for SSL tab.
  3. Select the appropriate Intermediate CA certificate for your SSL Certificate type.
    NOTE: To check which SSL product has been purchased, perform the steps from this link.
  4. Copy the Intermediate CA certificate and paste it in a plain text editor such as Notepad.
  5. Make sure there are 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE, and that no white spaces, extra line breaks or additional characters have been inadvertently added.
  6. Save the file as Intermediate.pem.
  7. On the left panel, navigate to System > File Management > SSL Certificate List.
  8. Click SSL Certificate List.
  9. Click on Import (button to the right).


     
  10. Click Certificate on the dropdown. Click Create New and give a name for the certificate in the box below.
  11. Click Upload File and click Browse.

  12. Locate the Intermediate.pem file then click OK.
  13. Click on Import.

     

Step 4:  Updating the SSL Profile

  1. On the left panel, navigate to Local Traffic > Profiles > SSL > Client.
  2. From the list, select the SSL profile for your website.
  3. For Configuration, choose Advanced from the dropdown.
  4. Select from the dropdown the Certificate and Key imported from the previous step.
  5. Under Chain, select from the dropdown the CA intermediate previously imported.


     
  6. To apply the changes, scroll down to the bottom of the page and click Update.
  7. Verify your installation with the Symantec SSL Certificate Checker.

 

F5 Support

          For additional information, refer to F5's KB solution: SOL13302