f5 BIG-IP SSL Certificate Installation
Install your
SSL Certificate to a f5 BIG-IP Loadbalancer (version 9)
Installing the
SSL Certificate
1. Launch the F5 BIGIP web GUI.
2. Under Local Traffic
select "SSL Certificates."
3. Click on the name you assigned to the
certificate under "General Properties" while creating the CSR.
4. Browse to
the your_domain_name.crt file that you received from Comodo.
5. Click "Open"
and then "Import."
Your SSL Certificate file is now
installed.
Enabling your Intermediate Certificate
1. In the web
GUI, choose "Local Traffic," then "SSL Certificates," and then "Import."
2.
Under "Import Type," choose Certificate, then "Create New."
3. Enter
"ComodoCA" as your certificate name.
4. Browse to the Domain.crt file that
you received from Comodo, click "Open," and then "Import."
Your
intermediate certificate should now be imported.
Configure your server
for SSL
1. Create or open the SSL Profile that you will be using with
this certificate.
2. Under "Configuration," choose "Advanced."
3. Select
the SSL certificate (public/private key pair) that you installed at the
beginning of these instructions.
4. Under the "Chain" section, browse to the
"ComodoCA" file that you imported in the previous step, then save and exit the
configuration
Your SSL Certificate has now been installed and enabled for
use on your server.
f5 BIG-IP Pre Version 9.x
Inside your Comodo
account you can download your certificate files. You will need the Primary
(your_domain_name.crt) and Intermediate (Comodo.crt) certificate files. You will
need both of these files for proper installation on you BIG-IP device. You do
not need the TrustedRoot.crt file
1. Move your Primary and Intermediate
Certificates to the BIG-IP device.
The Primary (your_domain_name.crt) and
Intermediate (intermediate-ca.crt) certificate files can be moved to the BIG-IP
box using FTP.
2. Rename and move the certificate files.
Rename
your Primary certificate from your_domain_name.crt to your.domain.name.crt and
copy it to the /config/bigconfig/ssl.crt/ folder.
Copy the
intermediate-ca.crt to the /config/bigconfig/ssl.crt/ folder.
3. Restart
the Proxy.
# bigpipe proxy :443 disable
# bigpipe proxy
:443 enable
Question
How is the Trusted Root
Certificate installed on F5 BIG-IP?
Answer
To install the Trusted
Root Certificate, complete the following steps:
** Note these steps are
based on release 6 of the F5 Big IP version 9
Part 1 – Import the
Trusted Root Certificate
1. Copy and paste the Comodo Root Certificate
(including the BEGIN and END tags) into a text editor such as Notepad and save
it on your Local Computer.
NOTE: For Extended Validation (EV)
Certificates, download and install the Comodo Root Certificate as the Trusted
Root.
2. Launch the F5 BIG-IP web GUI.
3. On the Main tab, expand
Local Traffic.
4. Click SSL Certificates. The list of existing
certificates displays.
5. In the upper right corner of the screen, click
Import.
6. From the Import Type list, select Certificate.
7. In
the Certificate Name box, type a unique name for the certificate.
8. In
the Certificate Source box, browse to the location of your Trusted Root
Certificate file.
9. Click Import. The Trusted Root Certificate should
appear in the Certificate List.
Part 2 – Update the Client SSL
Profile
1. On the Main tab of the F5 BIG-IP web GUI, expand Local Traffic
and then click Profiles.
2. On the Menu bar, from the SSL menu, select
Client.
3. Create or open the SSL Profile that you will be using with
this certificate.
4. From Configuration list, select Advanced.
5.
In the Configuration section, check the Custom box to the right of Trusted
Certificate Authorities.
6. From the Trusted Certificate Authorities
list, select the name of the of the root certificate from the drop down
list.
7. Scroll to the bottom and click on Finished or Update to save the
configuration.
阅读(809) | 评论(0) | 转发(0) |