Forum Discussion

wixxyl_98682
Dec 05, 2012

Importing existing wildcard?

Dev,

So we have an existing GeoTrust Apache wildcard cert for our site. Can I import this into the LTM? Would that break the existing cert? I'm completely new to certs and I'm not sure what I can and can't do in that regard. Can I generate a new CSR from the LTM, and send that to a CA without it causing havoc?


5 Replies

  • Hi,

    Can I import this into the LTM?

    Yes.

    Can I generate a new CSR from the LTM, and send that to a CA without it causing havoc?

    That's okay too, but you don't need to generate a new CSR if you already have a cert/key generated.

    You can search on AskF5 for 'import ssl certificate' filtering on your LTM version to get more info.

    Aaron
  • So it looks like the process is really straightforward. Does it matter that it's an Apache cert? Or does the F5 even care? If that's all it is, I just need to import the key and the cert and I'm done?


  • Does it matter that it's an Apache cert? or does the F5 even care?

    It does not matter.

    Important: The BIG-IP system uses certificates and keys in the PEM format. In BIG-IP versions prior to 10.1.0, all certificates and keys must be converted prior to importing. For more information, refer to SOL6549: Converting PKCS certificates to PEM format for use with the BIG-IP. Beginning in BIG-IP 10.1.0, PKCS12 certificates may be imported without first converting them.

    sol10167: Overview of the Client SSL profile

    http://support.f5.com/kb/en-us/solutions/public/10000/100/sol10167.html

    If that's all it is, I just need to import the key and the cert and I'm done?

    Yes.
  • Great! That seemed to go okay. I did have to import the key first; I noticed that's not really mentioned anywhere. I tried importing the cert first, then the key, and received an error. I've tried the OpenSSL verification on it, but apparently it doesn't do wildcards, so is there a good way to test that? I want to make sure it's installed correctly since this is my first shot at it. Thank you guys for all the help so far, I'm really very grateful for it.

    Edit: that did actually work. There was an option that OpenSSL didn't like, but the MD5 still showed up at the bottom and I didn't see it at first. Looks like it worked fine then. Thanks so much guys, you've really helped me out a lot!


  • I tried importing the cert first, then the key and receive an error.

    Does the MD5 checksum match?

    sol13349: Verifying SSL certificate and key pairs from the command line (11.x)

    http://support.f5.com/kb/en-us/solutions/public/13000/300/sol13349.html
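
The certificate/key check discussed in the last two replies, as an added example that is not from the thread or from F5's solution articles: rather than comparing MD5 checksums by eye, it compares the public key extracted from each file, and it also tests which hostnames a wildcard certificate covers. It assumes an OpenSSL 1.0.2 or later command-line tool; the `*.example.test` certificate and both keys are constructed sample data, and all function names are hypothetical.

```shell
#!/bin/sh
# Added example: confirm a PEM certificate and private key are a pair, and
# see which hostnames a wildcard certificate covers. Function names are
# hypothetical; every sample file is constructed by make_sample.

# Exit 0 if the key's public half equals the certificate's public key,
# 1 if they differ, 2 if either file cannot be parsed.
pair_matches() {
    pm_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    pm_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$pm_cert" ] && [ "$pm_cert" = "$pm_key" ]
}

# Exit 0 if the certificate is valid for the hostname. The verdict is read
# from the text that "x509 -checkhost" prints.
covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# Constructed sample data: a self-signed wildcard cert with its key
# (wild.crt / wild.key) plus an unrelated key (other.key) in directory $1.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj '/CN=*.example.test' \
        -keyout "$1/wild.key" -out "$1/wild.crt" 2>/dev/null &&
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/other.key" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
for demo_key in wild.key other.key; do
    if pair_matches "$demo_dir/wild.crt" "$demo_dir/$demo_key"; then
        echo "$demo_key: belongs to wild.crt"
    else
        echo "$demo_key: does NOT belong to wild.crt"
    fi
done
# A wildcard covers exactly one label: not the bare domain, not two levels.
for demo_host in www.example.test example.test a.b.example.test; do
    if covers_host "$demo_dir/wild.crt" "$demo_host"; then
        echo "$demo_host: covered"
    else
        echo "$demo_host: not covered"
    fi
done
rm -rf "$demo_dir"
```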