.pem format has to be used for SSL offload?

In 10.2 or so, you can import a PKCS7 cert/key via the SSL certificates page in the GUI. They'll be converted to PEM format. Is your .cer cert/key a DER format? If so, you can use openssl on LTM or off the box to convert:

 

 

DER

 

openssl x509 -inform der -in certificate.cer -out certificate.pem

 

 

PCKS12

 

openssl pkcs12 -in certificate.pfx -nodes -out certificate.pem

 

 

For more info, you can search on AskF5.com for convert certificate or search online for openssl convert certificate.

 

 

If you'd like to see the GUI handle this more gracefully, you could open a case with F5 Support and request an enhancement.

 

 

Aaron

Hi Aaron,

 

 

Does 10.2 support PKCS7? Do I misremember or isn't document updated?

 

 

sol6549: Converting PKCS certificates to PEM format for use with the BIG-IP

 

http://support.f5.com/kb/en-us/solutions/public/6000/500/sol6549.html

 

 

/Nitass

We actually support importing of PKCS12 certs in the GUI from 10.1.0. To convert a PCKS7 or DER archive to PEM format you can use openssl and then import via the GUI or copy the files to /config/ssl/ssl.crt/ and /config/ssl/ssl.key/.

 

 

Aaron