Michael_59762
Aug 16, 2010

Add ssl intermediate cert from F5 LTM Web GUI?

Hi. I'm trying to add an SSL certificate from the web GUI first.

I just import the cert & key, but it seems I can't import the intermediate CA?

In some cases, you need your intermediate CA as well.

Is this something the web GUI doesn't have? Where and how can I import the intermediate CA?

Also, I attached a screenshot.

As you can see, the SSL Certificate tab is inside the Local Traffic tab.

I just wonder if that means these settings are only for the internal network?

Does that mean anyone outside who goes to https://test.miccheung.com in their browser won't be able to get anything?

Thanks.

6 Replies

  • What do you mean you cannot import the intermediate CA? Are you getting any error messages? There are no restrictions in the WebGUI; you do it in the same place, LTM/SSL Certificates, and you should be able to import it without any problems. Then, in order to USE IT, you need to select it in your clientssl profile. Have a look at the LTM documentation - Configuration Guide for LTM

    http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm_configuration_guide_10_0_0/ltm_ssl_profiles.html1316530

  • Hi. Yes, I did the same procedure shown in your link when importing the key and cert.

    I click "ssl cert" from the LT side menu. Then I click the "import" button. Then I select "Key" from the import type selection, enter the key name and paste the private key content as "parse text". Then it created a new entry on the cert list.

    So I click on that new entry and it says no certificate source, so I click "import". Then I paste the certificate data as the certificate source and click "import". Then it completed the SSL certificate, and when I click the entry from the list it shows the cert info just like in the screenshot.

    But if I import again for the intermediate CA from the 2nd previous step, it returns "Import Failed: Keys do not match", but this is the intermediate CA cert I used to install from another server. It was okay there, but here I can't import it.

    Do I import the CA cert there? Or is there another place where I install the CA cert?

    I've attached another screenshot. Thanks.

  • "Keys do not match" is an error if you are trying to attach a private key to the wrong certificate. F5 LTM ties certificates to keys using the name; it looks to me like you are trying to name your intermediate certificate on the F5 box using the same name as your website certificate. When importing your intermediate CA cert, call it differently, i.e. "RapidSSL_Intermediate_CA".

  • Hi. I'm not sure what you mean. Because when I go to the existing cert I created and go to import cert, I can't edit/create a name.

    Do you mean import a new cert? I imported a new cert, which is the CA cert with no key. As you can see on the screenshot, it's at the top, but how can I set it as part of the cert "test.miccheung.com"?

    Thank you.

  • Yes, you must first import your intermediate CA cert as a SEPARATE cert, which you have already done based on your screenshot. In order to link it with your main test.miccheung.com ssl cert and key you have to create a ClientSSL profile under Profiles->SSL->Client. It is all pretty easy and straightforward. Please read the F5 documentation - I have already posted a link in one of my posts above.
  • If you click on the SSL Client Profile, Select Advanced, then you can select the appropriate Intermediate CA certificate under Chain. Of course, the CA must already be imported into the active F5 appliance.
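
The "Keys do not match" reply above is about pairing a private key with the wrong certificate. As an added example (not from the thread or from F5), this shell script uses the OpenSSL command line to check that pairing before importing anything. The function names, file names and subjects are constructed, and the self-signed `ca.crt` only stands in for an intermediate CA certificate.

```shell
# Added example: all file names and subjects below are constructed test data.

# Exit 0 if the private key in $1 pairs with the certificate in $2,
# exit 1 if the public keys differ, exit 2 if either file cannot be parsed.
key_matches_cert() {
    kmc_key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    kmc_cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$kmc_key_pub" = "$kmc_cert_pub" ]
}

# Create throwaway material in a temp dir: a site key + cert, and a second
# certificate (with its own key) playing the role of the intermediate CA cert.
make_demo_files() {
    demo_dir=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=site.example.test" \
        -keyout "$demo_dir/site.key" -out "$demo_dir/site.crt" 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Intermediate CA" \
        -keyout "$demo_dir/ca.key" -out "$demo_dir/ca.crt" 2>/dev/null
}

# Print a one-line verdict for a key/certificate pair.
report() {
    if key_matches_cert "$1" "$2"; then
        echo "match:             $1 <-> $2"
    else
        case $? in
            1) echo "keys do not match: $1 <-> $2" ;;
            *) echo "unreadable input:  $1 or $2" ;;
        esac
    fi
}

if make_demo_files; then
    # The site key belongs with the site certificate ...
    report "$demo_dir/site.key" "$demo_dir/site.crt"
    # ... but not with the CA certificate, which is why the CA cert has to be
    # imported as its own entry instead of under the site key's name.
    report "$demo_dir/site.key" "$demo_dir/ca.crt"
    rm -rf "$demo_dir"
fi
```
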