メインコンテンツまでスキップ

SSL/TLS Certificate Installation Guide for F5 BIG IP 13.x and Higher

SSL/TLS Certificate Installation Guide for F5 BIG IP 13.x and Higher

In the Pickup wizard, click Download to download your certificate files. You'll see a zip file that contains these files:

  • ServerCertificate.crt: Your signed SSL/TLS certificate
  • ChainBundle1.crt: The Entrust Certificate chain bundled in a single file

Installation is in two parts:

  1. Install the Chain/Intermediate Certificate
  2. Install the Server Certificate

Part 1:  Install the Chain/Intermediate Certificate

  1. Launch the F5 BIG-IP web GUI

User-added image

  1. On the main tab, expand System

User-added image

  1. ​​​Go to Certificate Management > Traffic Certificate Management >SSL Certificate List to display the list of existing certificates:

User-added image

User-added image

  1. In the upper right corner, click Import

User-added image

  1. In the Import Type dropdown list, select Certificate

User-added image

  1. In the Certificate Name field, enter EntrustChain
  2. ​​​​​​​ In the Certificate Source box, browse to the location of the ChainBundle1.crt file
  3. Click Import

User-added image

  1. ​​​​​​​ The new certificate appears in the list as EntrustChain

User-added image

Part 2: Install the Server Certificate

  1. Go back to System > Certificate Management > Traffic Certificate Management > SSL Certificate List to display the list of existing certificates

User-added image

  1. ​​​​​​​Click the name you assigned to the key file when you created your Certificate Signing Request

User-added image In this example, the name for the key file is F5SSLCertificate.

  1. ​​​​​​​Click Import
  2. In the Certificate Source box, browse to the location of the ServerCertificate.crt file that you downloaded, then click Import
  3. The Server Certificate and Key should now appear in the list:

User-added image

  1. ​​​​​​​On the main tab of the F5 BIG-IP interface, expand Local Traffic and then click Profiles

User-added image

  1. In the top menu bar, select Client from the SSL dropdown list

User-added image

  1. Create a new SSL Profile by clicking Create, or open an existing SSL profile that has already been set up

User-added image

  1. In the Configuration dropdown list, select Advanced
  2. In the Configuration section, select the Custom check box

User-added image

  1. Click Add

User-added image

  1. Under Certificate, select your Server Certificate--it will appear with the same friendly name as the private key
  2. In the Key dropdown list, select the name of the key that was generated when you requested your certificate
  3. In the Chain dropdown list, select EntrustChain, which was imported in section 1
  4. Click Add

User-added image

  1. Your certificate appears in the Certificate Key Chain text box as shown here:

User-added image

  1. Scroll down and then click Finished

Your SSL/TLS certificate should now be installed.

Check that your certificate has been successfully installed by testing it on the Entrust SSL Install Checker