Forum Discussion

Sbeam_233377's avatar
Sbeam_233377
Icon for Nimbostratus rankNimbostratus
Jan 21, 2016

Adding new certificate to existing bundled certificate

Hello. I am new to F5. I have learned the basics so far, but I have hit a snag. I was asked to add a new certificate into our main bundled certificates. I have not had much luck on this yet. Can someone please advise how to add a new certificate into the existing bundle?

 

3 Replies

  • You can use a text editor to merge the certificates.

    A. Export your current bundle certificate from BigIP in text format (Copy the contents to clipboard). Paste the contents to text-editor (i.e. Notepad). It should look something similar to this:

    Your current certificate bundle

    =====BEGIN CERTIFICATE=====
    contents of 1st cert in bundle
    =====END CERTIFICATE======
    =====BEGIN CERTIFICATE=====
    contents of 2nd cert in bundle
    =====END CERTIFICATE======
    

    B. Open your new certificate with text-editor (if not possible, convert to plain-text format first, i.e. PEM). Append the contents to your current certificate bundle.

    =====BEGIN CERTIFICATE=====
    contents of your new (3rd certificate)
    =====END CERTIFICATE======
    

    C. Merge into a final bundle

    =====BEGIN CERTIFICATE=====
    contents of 1st cert in bundle
    =====END CERTIFICATE======
    =====BEGIN CERTIFICATE=====
    contents of 2nd cert in bundle
    =====END CERTIFICATE======
    =====BEGIN CERTIFICATE=====
    contents of your new (3rd certificate)
    =====END CERTIFICATE======
    

    When done, copy the contents of final bundle, and import to BigIP. You can overwrite the existing file, or import with a new name.

    Regards,

  • So, if I understand you correctly, you export the current bundle, add the new certificate into the existing bundle in a text editor and then perform a new certificate creation process in the F5 to bring the updated bundle back in, giving the new certificate bundle the same name as the current bundle and it will over write the existing bundle with the new bundle? So, if I understand this correctly, it is not possible to edit certificates in the F5, you just make changes and overwrite the existing certificate?

     

    Thanks for your help. I appreciate your time!

     

    • Hannes_Rapp's avatar
      Hannes_Rapp
      Icon for Nimbostratus rankNimbostratus
      "and then perform a new certificate creation process in the F5" - You do not create a new certificate, you import it. '''giving the new certificate bundle the same name as the current bundle and it will over write the existing bundle with the new bundle'' - No. You first find your existing bundle in GUI by navigating to System - File Management - SSL Certificate List. You open it, and then click import. Select '''Paste Text'' as import method. You paste the new contents, and Voila!