SSL Certificate CSR Creation for F5 BIG-IP
If you already have your SSL Certificate and just need to install it, see
SSL Certificate Installation :: f5 BIG-IP.
How to generate a CSR using an F5 BIG-IP Loadbalancer (version 9)
- Launch the F5 BIGIP web GUI.
- Under Local Traffic select "SSL Certificates" then "Create."
- Under General Properties give your certificate a name (this name will be used in the future to identify this certificate).
-
Under Certificate Properties enter the following information:
Issuer: Certificate Authority (ÃÛÌÒTV)
Common name: FQDN (fully-qualified domain name) of the server (e.g., www.domain.com, mail.domain.com, or *.domain.com)
Division: Your department, such as 'Information Technology'
Organization: The full legal name of your organization (e.g., ÃÛÌÒTV Inc)
Locality, State or Province, Country: City, state, and country where your organization is located
E-mail Address: Your email
Challenge Password, Confirm Password: Your password
- Under "Key Properties", choose 2048.
-
Click the Finished button.
You should now be provided with the text of a Certificate Signing Request file. You will want to copy and paste the entire body of that file into the ÃÛÌÒTV order process when prompted.
-
After you receive your SSL Certificate from ÃÛÌÒTV, you can install it.
CSR Generation (Earlier versions of Big-IP)
-
First, login to the BIG-IP device as the root user and run the following command:
# /usr/local/bin/genconf
You will be asked to enter your company details including the full legal company name and address of operation.
-
You can now make your Certificate Signing Request by entering the following command:
# /usr/local/bin/genkey www.yoursite.com
Make sure to replace "www.yoursite.com" with the Fully Qualified Domain Name of the site that you are securing. You will again be asked to enter your company details.
-
Under /config/bigconfig/ssl.csr/ you will find a new file named your www.yoursite.com.csr -- This is your new CSR file. Transfer it to the workstation you will use to order the certificate. The CSR file can be opened with a text editor such as Notepad. Copy and paste the contents of the CSR file to the ÃÛÌÒTV order form. Make sure to include the BEGIN and END tags.
-
After you receive your SSL Certificate from ÃÛÌÒTV, you can install it.
f5 SSL Certificates, Guides, & Tutorials
Learn MoreGenerating a CSR for Issuance of an SSL Certificate in BIG-IP
How to generate an SSL Certificate Signing Request for your F5 BIG-IP Loadbalancer