Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

Let's Encrypt on F5 Big IP - F5 validation

Dear All,

I can find some tutorials provided by the community, but I can't find any official documentation coming from F5.

Is Let's Encrypt validated by F5 for Big IP ?

Thank you. Nicolas

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hello Nicolas,

What should F5 validate? Let's Encrypt is a free, automated, and open certificate authority. it's an independent process of F5, If you want to provide/host a service with cert generate by this CA in F5 you have to set chain and validation should be done by your Browser...

Regards

0
Comments on this Answer
Comment made 4 months ago by Shann_P 355

I think the confusion (at least for me) is the shell scripts that need to be created on the automation side in order to get it to work. I know that DevCentral has done a piece on getting Let's Encrypt to work on the F5 but it doesn't appear as straight-forward as importing a cert and key into File Management and attaching it to a profile.

If you attempted to create the shell scripts and something broke, could you call up support and get help?

https://devcentral.f5.com/articles/lightboard-lessons-automating-ssl-on-big-ip-with-lets-encrypt-21475

0
Comment made 4 months ago by youssef 2372

Thank you for the clarification!!!

0
Comment made 4 months ago by Shann_P 355

No problem. As I'm not an experienced Linux user, I've been hesitant to set this up. I do have a test environment that I can test in but the real question for me resolves around support and if there is any via F5.

0
Comment made 4 months ago by nicolas t 1

Thanks to Youssef for your fast answer Thanks to shann for the clarification.

And, I understand that F5 let me install any certificat I want. I'm surprised that F5 does not provide any official package/script, when some others solutions (not good as Big IP) does. Let's encrypt without automatic renewal will limit the usage.

Did you find any official article from F5 ?

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

There doesn't appear to be an official supported method for F5 BIG-IP at the moment. in general running things on a schedule is not something the BIG-IP platform support natively easily. so you either work it out with the dev central provided info or built something yourself. and no, that won't be supported, they will help you up to some point.

0
Comments on this Answer
Comment made 4 months ago by Shann_P 355

Thanks Boneyard! That's what I thought but wasn't 100% sure if they would support it.

0