What is the process to install a Certificate Signing Request for F5 BIG-IP
In order to generate a CSR for F5 BIG-IP 9.0 and earlier versions, please follow these steps:
For F5 BIG-IP 9.0
1. Launch the F5 BIGIP web GUI.
2. Under Local Traffic, select SSL Certificates then Create.
3. Under General Properties, name your certificate.
4. Fill in the required details about your company:
Common Name – Must match the URL you plan to secure exactly – is usually your fully-qualified domain name, e.g., devel.ssl247.co.uk or mail.devel.ssl247.co.uk). Remember the www. Is important – include it if you want to secure https://www.yoursite.com & exclude it if you want to secure https://yoursite.com
Organisation - The legal (officially registered) name of your organization/company include Inc., LLP., Pvt, Plc. Ltd. SARL., etc
Organisational unit - The name of your department within the organization (this is often "IT," "Web," or is just left blank).
City/locality - The city or town in which your organization is located.
State/province - The state in which your organization is located.
Country - Click here for the official list of ISO country codes for this field.
Email Address - Leave blank.
Challenge password - Leave blank.
Retype password - Leave blank.
5. Under key properties, choose 2048.
6. Click the Finished button.
7. Open the CSR file and copy/paste the entire contents (including the BEGIN and END tags) into our order form.
For F5 BIG-IP Earlier versions
You must create a SSL configuration file, before generating a CSR. This can be completed by running the following command:
# /usr/local/bin/genconf
When you run this command, the BIG-IP will ask for your company information.
Common Name – Must match the URL you plan to secure exactly – is usually your fully-qualified domain name, e.g., devel.ssl247.co.uk or mail.devel.ssl247.co.uk). Remember the www. Is important – include it if you want to secure https://www.yoursite.com & exclude it if you want to secure https://yoursite.com
Organisation - The legal (officially registered) name of your organization/company include Inc., LLP., Pvt, Plc. Ltd. SARL., etc
Organisational unit - The name of your department within the organization (this is often "IT," "Web," or is just left blank).
City/locality - The city or town in which your organization is located.
State/province - The state in which your organization is located.
Country - Click here for the official list of ISO country codes for this field.
Email Address - Leave blank.
Challenge password - Leave blank.
Retype password - Leave blank.
Run the following command to generate a new certificate request:
# /usr/local/bin/genkey www.yourdomain.com
Be sure to replace www.yourdomain.com with your Common name – FQDN (Fully Qualifed domain name). You will be prompted again for your company information during this step.
The CSR will be stored in the following: /config/bigconfig/ssl.crt or Fully Qualified Domain Name.crt Copy the entire contents of the CSR, insuring to include
