Purpose: SSL/TLS certificate installation guide
For F5 BIG IP 11.3.0
Need Certificate Signing Request (CSR) help? Please see our technote on how to generate a CSR in F5 BIG IP here.
The installation is in three parts:
1) Downloading the certificate
2) Importing Chain and Intermediate certificates
3) Installing the Server Certificate
Step 1 of 3: Downloading the certificate
Click the Download button in the pickup wizard to download your certificate files. Clicking the download button will produce a zip file that contains the following files:
• ServerCertificate.crt: Your signed SSL/TLS certificate
• ChainBundle1.crt: The Entrust Certificate chain bundled in a single file
Step 2 of 3: Importing Chain and Intermediate certificates
1. Launch the F5 BIG-IP web GUI.
2. On the Main tab, expand System.
3. Click SSL Certificate to display the list of existing certificates.
4. In the upper right corner, click the Import button.
5. From the Import Type drop down, select Certificate.
6. In the Certificate Name field, enter EntrustChain. In the Certificate Source box, browse to the location of the ChainBundle1.crt file.
7. Click Import. The new certificate should appear in the list as EntrustChain.
Step 3 of 3: Installing the Server Certificate
1. Go back to SSL Certificate List to display the list of existing certificates.
2. Click the name you assigned to the key file when you created your Certificate Signing Request.In this example the name for the key file is Mykey.
3. Click Import.
4. In the Certificate Source box, browse to the location of theServerCertificate.crt file that you downloaded in step 1. Click Import.
5. The Server Certificate and Key should now appear in the list.
6. On the Main tab of the F5 BIG-IP interface, expand Local Traffic and click on Profiles.
7. In the top menu bar, click on SSL > Client.
8. Create a new SSL Profile by clicking Create or open an existing SSL profile that has already been setup.
9. From the Configuration drop down, select Advanced.
10. In the Configuration section, check the Custom box
11. Under Certificate, select your Server Certificate. It will appear with the same friendly name as private key.
12. Under Key, select the name of the Key from the drop down. This key was generated when you generated your Certificate Signing Request before your requested your certificate.
13. Under Chain, select EntrustChain that was imported in section A above from the drop down.
|Your SSL/TLS certificate should now be installed.|
Check that your Certificate has been successfully installed by testing it on the Entrust SSL Install Checker.
If you have any questions or concerns please contact the Entrust Certificate Services Support department for further assistance:
Hours of Operation:
Sunday 8:00 PM ET to Friday 8:00 PM ET
North America (toll free): 1-866-267-9297
Outside North America: 1-613-270-2680 (or see the list below)
NOTE: It is very important that international callers dial the UITF format exactly as indicated. Do not dial an extra "1" before the "800" or your call will not be accepted as an UITF toll free call.
|Australia||0011 - 800-3687-7863|
|Austria||00 - 800-3687-7863|
|Belgium||00 - 800-3687-7863|
|Denmark||00 - 800-3687-7863|
|Finland||990 - 800-3687-7863 (Telecom Finland)|
00 - 800-3687-7863 (Finnet)
|France||00 - 800-3687-7863|
|Germany||00 - 800-3687-7863|
|Hong Kong||001 - 800-3687-7863 (Voice)|
002 - 800-3687-7863 (Fax)
|Ireland||00 - 800-3687-7863|
|Israel||014 - 800-3687-7863|
|Italy||00 - 800-3687-7863|
|Japan||001 - 800-3687-7863 (KDD)|
004 - 800-3687-7863 (ITJ)
0061 - 800-3687-7863 (IDC)
|Korea||001 - 800-3687-7863 (Korea Telecom)|
002 - 800-3687-7863 (Dacom)
|Malaysia||00 - 800-3687-7863|
|Netherlands||00 - 800-3687-7863|
|New Zealand||00 - 800-3687-7863|
|Norway||00 - 800-3687-7863|
|Singapore||001 - 800-3687-7863|
|Spain||00 - 800-3687-7863|
|Sweden||00 - 800-3687-7863 (Telia)|
00 - 800-3687-7863 (Tele2)
|Switzerland||00 - 800-3687-7863|
|Taiwan||00 - 800-3687-7863|
|United Kingdom||00 - 800-3687-7863|
0800 121 6078
+44 (0) 118 953 3088