Forum Discussion

NetworkPro_3844
Feb 22, 2019

F5 CA Certificate Upload

Hi

 

Installed a trial version of F5 Big IP and trying to put certificates from Windows CA. It asked for Key Source and Certificate Source. Certificate Source is the actual certificate from the Windows CA, right? What is Key Source and how do I obtain it?

 

Thanks

 

8 Replies

  • You need to export the private key from your Windows CA and import it into the F5. Make sure the certificate name and key name are the same so that the F5 knows which key belongs to which certificate.

     

    Hope it helps.

     

    Muhammad

     

  • Thanks. For my understanding, you mean export the private key in PKCS format and import it into F5? Isn't the private key generated by F5? Can't I just use that under the device certificate tab?

    I am a bit new to the private key/public key concept - is there a blog that explains that, or can you in simple words :)

     

  • Steps to install an SSL certificate are mentioned below:

    A. Log in to the F5 active device.

    B. Go to System ›› File Management : SSL Certificate List.

    C. Click the Create button and update the details as mentioned below. Note: In Common Name you need to mention the FQDN. Always select key size as 2048.

    D. Download the CSR file and send it to your vendor for the required certificate.

    The vendor will provide the following certificates:

    1. Website certificate -- this is the one you need to import.

    2. AddTrustExternalCARoot and UserTrustSAAddtrustCA -- you need to combine these two certs for the intermediate certificate.

    3. Trusted Secure Certificate Authority

    E. Now import the certs as mentioned below: System ›› File Management : SSL Certificate List ›› Import.

    F. Both cert and key should have the same name.

    G. Once the cert, key and intermediate certs are imported, we need to create an SSL client profile.

    H. Configure the new SSL certs under the Client profile.

    I. Create a new profile as mentioned below. Go to Local Traffic ›› Profiles : SSL : Client. In Certificate, Key and Chain, select the files which you created, then click Add. Once the certificate key chain is updated, click Finished.

    J. Most of the time you need to update the intermediate certificate. Then you need to bundle the certificates other than the website certificate, import the bundle, and call it in the SSL client profile chain section.

    K. If you receive the certificate in PKCS format, you need to convert it to PEM format and then import it to F5.

    Hope this helps. Please let me know if any more information is required.
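
Added example, not part of the original posts and not F5's own tooling: two OpenSSL helpers for the checks the steps above imply, converting a PKCS#12 bundle to same-named PEM files (steps F and K) and confirming that the certificate really belongs to the private key before import. The function names, the output prefix and the `P12_PASS` variable are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example: checks to run on a workstation before importing into the F5.
# All file names, the output prefix and the P12_PASS variable are hypothetical.

# Return 0 if the certificate's public key is the one derived from the private
# key, 1 if they differ, 2 if either file cannot be read. Assumes an
# unencrypted PEM key (an encrypted key fails here instead of prompting).
cert_matches_key() {
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Split a PKCS#12 bundle (.p12/.pfx) into <prefix>.crt and <prefix>.key in PEM,
# giving both files the same base name. The export password is read from the
# P12_PASS environment variable so it does not appear in the process list.
# -nodes leaves the extracted key unencrypted, so umask 077 keeps it private.
p12_to_pem() {
    (
        umask 077
        openssl pkcs12 -in "$1" -passin env:P12_PASS -clcerts -nokeys -out "$2.crt" &&
        openssl pkcs12 -in "$1" -passin env:P12_PASS -nocerts -nodes -out "$2.key"
    ) 2>/dev/null
}
```

A return value of 1 from `cert_matches_key` means the certificate was issued for a different key, typically because the CSR was generated somewhere other than where the key file came from.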

     
