SSL Certificate

Installation

Oleh Logicalis Metrodata Indonesia

2015

Create SSL Certificate

1. Login to F5 Web GUI
2. Go
to
System
>
File
Management:SSL Certificate
List
3. Click Create
4. Choose it is issued local or by
Certificate Authority (CA)
5. Then insert the Name, the
Common Name, and fill in all
the rest blank field.
5. Chose Key size, default 2048
bits
6. Then click Create

Download the CSR

1. To finish creating the
SSL certificate, you
should download the
CSR (in this figure
test.csr) in order to
request
certificate
from the CA.
2. Klik Finished

Export Key
1. Before you get certificate
from CA, you should export
the Key
2. Go to System > File
Management : SSL
Certificate List > choose the
cert that have been created
3. Click the Key tab
4. Choose export
5. Download the .key file

SSL Cert from CA

1. CA(in this example verisign) will send
two kind certificate that is .cer and
.p7b
2. .cer is the private certificate that you
need to import into your F5
3. .p7b is the public certificate that
contain
root
certificate
and
intermediate certificate
4. .p7b cannot directly import to F5, you
need to convert it to .pem using
online converter (sslshopper.com) or
using F5 from cli with this command
openssl pkcs7 -in <PKCSfile>
-text -out <filename>.pem
print_certs
5. .pfx is certificate that generate from
the IIS server.
6. .pfx actually can be import directly to
F5 by choosing the PKCS12 or it can

Import the SSL certificate

1. You can import the certificate by go to
System > File Management: SSL
Certificate List > choose the file or click
import
2. After choose the file then click import
and choose the file
3. Then click Import
4. Do not forget to import the key that
have you been download by click Key
tab then click Import and choose the
file.key
5. For certificate form IIS server you can
see the line
BEGIN RSA PRIVATE KEY
===================
Xxxxx
===================
END RSA PRIVATE KEY
Copy that line into notepad and save it
to file.key format and import it or by

SSL Profile
1. SSL Profile is needed to assign SSL
certificate to Virtual Server, there is 2 types
of SSL Profile that is Client and Server.
2. SSL Client Profile enables the BIG-IP system
to accept and terminate client requests that
are sent using a fully SSL-encapsulated
protocol and provides a number of
configurable settings for managing clientside Secure Socket Layer (SSL) connections.
3. SSL Server Profile enables the BIG-IP system
to initiate secure connections to your SSL
servers by using a fully SSL-encapsulated
protocol and providing configurable settings
for managing server-side SSL connections.

Creating SSL Profile

1. Go to Local Traffic >
Profile
:
SSL
:Client/Server
2. Click
Create
or
Choose File
3. Fill and chose the
name,
partition,
parent
profile,
certificate, key and
chain(optional).
4. Chain is used to
specify a certificate
bundle or chain the
client can use to
establish
a
trust
relationship with a
server that presents
a certificate signed
by
an
untrusted
Certificate Authority

Assign SSL Profile

Virtual Server

to

1. Go to Local Traffic >

Virtual Server
2. Choose the server where
the certificate will be
deployed.
3. There are available SSL
Profile
choose
the
certificate that you want
by select and click the
arrow button
4. Then Click Update