Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

Public Key( CSR ) generation for SSL certificate in F5

Hi Friends,
In past, we are sucessfully creating SSL certifiacte in F5 through generating RSA private key and send this key to our internal CA (Certifying Authority) who generates SSL certificate for us then we import this certificate to our F5 device. And all works fine.

Now the problem is we have one client whose requirements is different hence we need to generate ssl certifiacte from third party vendor (verisign) for us. For this, vendor (verisign) requires public key(CSR file) for creating SSL certifiacte for us.

Kindly provide us the procedure to generate Public key (CSR file) in F5.

As per our knowledge only private key is generated by F5. Kindly suggest us that there is any other options to generate public key in F5 device.

Thanks
1
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Dilip,
Are you referring to create a CSR file from BigIP?.

To generate -
Main tab, expand Local Traffic, and click SSL Certificates.
On the upper-right portion of the screen, click Create.
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Moving to ADVDC General Discussion
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
As Renith suggested, you can generate a new private key and a CSR via the GUI. You could also do this using openssl or any other cert/key tool if you wanted to. You would then import the key (and cert once you receive it from the CA).

Aaron
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Hi ,
Thanks a lot friends,
Now i got the CSR file which is under /config/ssl/ssl.csr folder.

Actually i need public key ( also known as CSR file) which i m not able to see through GUI. Only private key i m able to download through GUI (as per i known).

If there is any way to get CSR file from GUI itself then kindly let me know.

Thanks again
Dilip
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Dilip,
Create the CSR file from the GUI (that's the way I did it), download the CSR file and then on Verisign's website you can upload it here. They will then send you back the signed certificate for you to re-import. I remember when I did this I had to convert it from a .pfx file to a .pem file first (sol6549) and then the instructions said to split into it's 2 parts (cert and key) but this didn't work for me. I just did an import of the .pem file and this worked a treat to create the two parts.
N
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Jason, need some help...

1- How do you generate a CSR certificate in PEM Format ( in F5-A) to be sent to CA?
2- How do you import a certificate received from CA  to a second machine (F5-B)?

Thanks


bauke
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Solution 10167 (Click Here) links to several other solutions that should help you achieve your request. Assuming F5-A and F5-B are an HA pair, then you just sync the box to copy over once te certificate is installed.
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Hello All,

Can any one tell me that while generating .CSR one key associated with that .CSR is generated. Is it a public key or private key??

Regards,

Ashish Takawale.
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Ashish

When doing a CSR the F5 will create a private/public key pair. It will generate a key file - which will be the private key and a CSR which will include the public key - you send this to the Certificate Authority, for example.

Hope this helps,
N
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Thanks Nathan could you please let me know how this public and private key works?
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
could you please let me know how this public and private key works?
it is normal public key infrastructure.

SSL FAQ
http://www.sslshopper.com/ssl-faq.html
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
thanks...
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

https://support.f5.com/csp/article/K13349

Please check this article as I also needed the Public key and I got it

openssl s_client -connect the.host.name:443 | openssl x509 -pubkey -noout

Use the.host.name use VIP for this eg. 10.12.12.11:443

0