F5 Big IPController CertificateInstallation
Installing certificates from the certificate authority
For Positive SSL certificate, You will be receiving the following files:Root AddTrustExternalCARoot.crt
Intermediate CA UTNAddTrustServerCA.crt
Intermediate CA PositiveSSLCA.crt
domain/site certificate yourdomainname.crt
Afteryou obtain an x509 certificate from a certificate authority for the SSL Accelerator, you must copy it onto each BIG-IP Controller in the redundant configuration. You can configure the accelerator with certificates using the Configuration utility or from the command line.
To install certificates using the Configuration utility
In the navigation pane, click Proxies. The Proxies screen opens.
On Proxies screen, click the Install SSL Certificate Request tab. the install SSL Certificate screen opens.
In the Certfile Name box,type the fully qualified domain name of the server with the fileextension .crt. If you generated a temporary certificate when you submitted a request to the certificate authority, you can select the name of the certificate from the drop down list. This allows you to overwrite the temporary certificate with the certificate from the certificate authority.
Paste the text of the certificate into the install SSL Certificate window. Make sure you include the BEGINCERTIFICATE line and the END CERTIFICATE line.
Click the Write Certificate File button to install the certificate.
To install certificates from the certificate authority using the command line
Copy the certificate into the following directory on each BIG-IP Controller in a redundant system:
/config/big config/ssl.crt/
Note:The certificate you receive should overwrite the temporary certificate generated by genkey or gencert.
If you used the genkey or gencert utilities to generate the request file, a copy of the corresponding key should already be in the following directory on the BIG-IP Controller:
/config/big config/ssl.key/
To install the intermediate certificate using the command line:
please use the Intermediate CA certificate that came with your sitecertificate in the zip file.For positive ssl certificate, in additonal to your domain certificate you will be receiving 3 more files.For F5 Big IP Controller you should use the following two certificates:
Intermediate CA UTNAddTrustServerCA.crt
Intermediate CA PositiveSSLCA.crt
Copy the intermediate certificate (UTNAddTrustServerCA.crt) into each BIG-IP Controller in a redundant system. Open the UTNAddTrustServerCA.crt with a text editor. Cut and paste the entire text of the certificate, including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines. Like so;
"-----BEGIN CERTIFICATE-----"
and
"-----END CERTIFICATE-----"
Next, open the second intermediate certificate, PositiveSSLCA.crt. Repeat the process and paste into the same document. Your fin al doc should look something like this:
-----BEGIN CERTIFICATE-----
MIIEyDCCBDGgAwIBAgIEAgACmzANBgkqhkiG9w0BAQUFADBFQGEwJV
UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMRwwGgYDVQUgQ3liZXJU
.....
zs1x+3QCB9xfFScIUwd21LkG6cJ3UB7KybDCRoGAAK1EqlzWINlVqvaDj
vA2AOurM+5pX7XilNj1W6tHndMo0w8+xUengDA==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIQTM1KmltFEyGMz5AviytRcTANBgkqhkiG9w0BAQUFADCB
lzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug
.....
zg5G8t6P2jt9HpOs/PQyKw+rAR+lQI/jJJkfXbKqDLnioeeSDJBLU30fKO5WPa8Y
Z0nf1R7CqJgrTEeDgUwuRMLvyGPui3tbMfYmYb95HLCpTqnJUHvi
-----END CERTIFICATE-----
Save the file as 'intermediate-ca.crt'
Be careful not to include any leading or trailing whitespace before the beginning and ending hyphens.
Place the intermediate-ca.crt file in the directory /config/big config/ssl.crt/
Note:The ssl.crtdirectory is used to store certificates and certificate authorities.
WARNING:Ina redundant system, the keys and certificates must be in place on both controllers before you configure the SSL Accelerator. You must do this manually; the configuration synchronization utilities do not perform this function.
'%3e%3cg id='Final-Copy-2_2_' transform='translate(1275.000000, 200.000000)'%3e%3cpath class='st0' d='M7.4,12.8h6.8l3.1-11.6H7.4C4.2,1.2,1.6,3.8,1.6,7S4.2,12.8,7.4,12.8z'/%3e%3c/g%3e%3c/g%3e%3c/g%3e%3cg id='final---dec.11-2020'%3e%3cg id='_x30_208-our-toggle' transform='translate(-1275.000000, -200.000000)'%3e%3cg id='Final-Copy-2' transform='translate(1275.000000, 200.000000)'%3e%3cpath class='st1' d='M22.6,0H7.4c-3.9,0-7,3.1-7,7s3.1,7,7,7h15.2c3.9,0,7-3.1,7-7S26.4,0,22.6,0z M1.6,7c0-3.2,2.6-5.8,5.8-5.8 h9.9l-3.1,11.6H7.4C4.2,12.8,1.6,10.2,1.6,7z'/%3e%3cpath id='x' class='st2' d='M24.6,4c0.2,0.2,0.2,0.6,0,0.8l0,0L22.5,7l2.2,2.2c0.2,0.2,0.2,0.6,0,0.8c-0.2,0.2-0.6,0.2-0.8,0 l0,0l-2.2-2.2L19.5,10c-0.2,0.2-0.6,0.2-0.8,0c-0.2-0.2-0.2-0.6,0-0.8l0,0L20.8,7l-2.2-2.2c-0.2-0.2-0.2-0.6,0-0.8 c0.2-0.2,0.6-0.2,0.8,0l0,0l2.2,2.2L23.8,4C24,3.8,24.4,3.8,24.6,4z'/%3e%3cpath id='y' class='st3' d='M12.7,4.1c0.2,0.2,0.3,0.6,0.1,0.8l0,0L8.6,9.8C8.5,9.9,8.4,10,8.3,10c-0.2,0.1-0.5,0.1-0.7-0.1l0,0 L5.4,7.7c-0.2-0.2-0.2-0.6,0-0.8c0.2-0.2,0.6-0.2,0.8,0l0,0L8,8.6l3.8-4.5C12,3.9,12.4,3.9,12.7,4.1z'/%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/svg%3e)
Your Privacy Choices