HTTP iApps and CSR generation

We've recently started using iApps in our environment for provisioning. In addition, our newer security standards no longer permit the use of wildcard certificates for web applications. For non-iApp deployments, we would generate a CSR from the F5 for the domain and have it publicly signed. Then we'd import the cert and key (and chain if necessary), build a new client SSL profile for the cert, and apply it to the virtual server.

 

We'd like to be able to use the standard HTTP template as a boilerplate, but when the user gets to the SSL encryption section, it prompts them for the domain to generate a CSR, which is emailed to a distro that handles signing requests. When they receive it back, they can insert it and complete the VS, pool, and node provisioning, with a client SSL profile generated and applied to the VS utilizing the new certificate.

 

Is this too complex to traverse with an iApp? Should it be done in two separate templates? We are curious how others with similar requirements have handled this.

 

Any advice or guidance is greatly appreciated - thank you in advance