Certificate Import and assign for APM F5

Question

We have successfully installed f5 4000 S for SSL VPN with one virtual server for SSL VPN and need to assign ssl certificate for that virtual server.
We have one wild card certificate with us.  This wild card based on IIS windows.
That wild card certificate has one intermediate and root CA.&nbsp;
We have below clarification&nbsp;
Is IIS based cer can use for F5 APM ?Where we need to import intermediate CA cerWhere we need to import Root CA cerWhere we need to import wildcard CA cerHow to assign that certificate to the virtual server.
Please explain and guide us to import and assigning the certificate.&nbsp;
Regards,
Mariappan S&nbsp;

kunjan_118660 · Accepted Answer

Client profile is for SSL profile that faces the client(LTM being the server) and server profile for that facing back end server(LTM being the client).&nbsp;
In your case client profile for the SSL VPN clients and server profile for portal, if you are using it.&nbsp;

kunjan · Answer

Is IIS based cer can use for F5 APM ?&nbsp;

Yes, you can import the cert in PKCS12  format.&nbsp;

Where we need to import intermediate CA cer&nbsp;

Do the import using the File Management -&gt; SSL Cert Lis -&gt; import&nbsp;
Add this to the cert chain under client profile as you only have one intermediate cert.&nbsp;

Where we need to import Root CA cer&nbsp;

Same as the above. You may not need this if the root cert is trusted by the client.&nbsp;

Where we need to import wildcard CA cer&nbsp;

Same as above&nbsp;

How to assign that certificate to the virtual server.&nbsp;

Create the client SSL profile, attach the wild card cert to cert/key and intermdeiate cert to the cert chain as mentioned earlier.&nbsp;
You may refer this doc.. but the doc talks about 2 intermediate cert.. so creating the bundle not required for your case.&nbsp;
http://support.f5.com/kb/en-us/solutions/public/13000/300/sol13302.html&nbsp;

kunjan_118660 · Answer

Is IIS based cer can use for F5 APM ?&nbsp;

Yes, you can import the cert in PKCS12  format.&nbsp;

Where we need to import intermediate CA cer&nbsp;

Do the import using the File Management -&gt; SSL Cert Lis -&gt; import&nbsp;
Add this to the cert chain under client profile as you only have one intermediate cert.&nbsp;

Where we need to import Root CA cer&nbsp;

Same as the above. You may not need this if the root cert is trusted by the client.&nbsp;

Where we need to import wildcard CA cer&nbsp;

Same as above&nbsp;

How to assign that certificate to the virtual server.&nbsp;

Create the client SSL profile, attach the wild card cert to cert/key and intermdeiate cert to the cert chain as mentioned earlier.&nbsp;
You may refer this doc.. but the doc talks about 2 intermediate cert.. so creating the bundle not required for your case.&nbsp;
http://support.f5.com/kb/en-us/solutions/public/13000/300/sol13302.html&nbsp;

mariappan_s_156 · Answer

Thanks kujan. what is the different between server profile and client profile. 
In above you mention only client profile, what about the server profile.

Regards,
Mariappan S

mariappan_s_156 · Answer

Thanks kujan. what is the different between server profile and client profile. 
In above you mention only client profile, what about the server profile.

Regards,
Mariappan S

Forum Discussion

Certificate Import and assign for APM F5

8 Replies

Recent Discussions

F5 Rseries R2600 Tenant sizing

iRule help masking IBM host URL/URI

Need advise to setup a policy on F5

Advise on setting up IRULE

Help with URL Masking

Related Content

Creating, Importing and Assigning a CA Certificate Bundle

Import certificate as pfx format

APM variable assign examples

Re: Management Certificate

Automating ACMEv2 Certificate Management on BIG-IP