Importing SSL certificate on F5

Question

I have few questions regarding importing self signed certificate on F5 LB. I have generated a SSL certificate using keytool already and now am planning to use the same certificate in F5 for client SSL profile. my questions are as follows,
a) I was able to import my certificate.cer file into F5. any other steps I should take care for cer file?
b) for importing key, do i need the keep key file in any format?. password is mandatory during importing key?. I saw this              steps during importing?

Thanks,
    Akhi

kash_118367 · Answer

You need to copy the certificate in text editor and save in txt format. Also, when you say "key tool" did you meant CA (Certificate Authority)? as you are trying to genereate self signed certificate you will not need certificate from CA. &nbsp;
You can refer solution article SOL14620 - https://support.f5.com/kb/en-us/solutions/public/14000/600/sol14620.html4 &nbsp;

akhilesh_128432 · Answer

Key tool is a command in java to generate and import SSL certificate. My questions are  not related to generating certificate. I had certificate and key already generated, which is a self signed certificate.

My questions are more on the certificate  and key format.my private key is in pkcs.8 format and I wondering will it support on F5 or any other standard format we need to convert before we upload to F5, (like pem format or pk12 format etc)

kash_118367 · Answer

You can convert into pkcs 12;

Importing a PKCS 12 (IIS) file

PKCS 12 is a specifically formatted archive file that is used for storing cryptographic objects in a single file. The PKCS 12 file has an extension of .PFX and is compatible with Windows IIS. To import a PKCS 12 file, perform the following steps:

Note: The BIG-IP system automatically converts PKCS 12 certificates to PEM format when the files are imported.

Impact of procedure: Performing the following procedures should not have a negative impact on your system.

Log in to the Configuration utility.
Navigate to System &gt; File Management &gt; SSL Certificates List.
Click Import.
From the Import Type list, select PKCS 12 (IIS).
In the Certificate Name section, type a name for the certificate.
In the Certificate Source section, click Choose File.
Click Import.

akhilesh_128432 · Answer

agreed, how about the private key. currently my key is in pkcs8  format.  Do I need convert that or directly I can import on F5

kash_118367 · Answer

Have you already tried to import pkcs8 directly? I would say covert pkcx8 format to text and then import to F5.

Forum Discussion

Importing SSL certificate on F5

5 Replies

Recent Discussions

F5 loadbalancer not working

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

import live updates from version x to version y

Related Content

Re: Automate import of SSL Certificate, Key & CRL from BIG-IP to BIG-IQ

Import ssl certicate bundle through iControl as user with Certificate Manager role

Implementing SSL Orchestrator - Certificate Considerations

SSL Certificate Report

Re: Management Certificate