search cancel

Installing an SSL certificate for VIP SSP on F5 BIG-IP Load balancer version 9.x and 10

book

Article ID: 150805

calendar_today

Updated On:

Products

VIP Integrations

Issue/Introduction

 

Resolution

To install an SSL certificate for Big-IP F5 Version 9.x and 10.x, please follow the steps below. 
 
DISCLAIMER: These steps are provided AS-IS, for the benefit of VIP customers. If discrepancies are found, please use the FEEDBACK to provide us with updated information. Symantec recommends that you contact the vendor that supports F5 BIG-IP for technical troubleshooting if additional help is needed.

Step 1: Obtain an SSL certificate and intermediate CA certificate

  1. An SSL certificate download link will be sent by email.
  2. Download and extract the certificate zip file from the email.
  3. Save all files to the following location: /config/bigconfig/ssl.crt/
    NOTE: In a redundant system, the keys and certificates must be in place on both controllers before you configure the SSL Accelerator. You must do this anually as the configuration synchronization utilities do not perform this function.

 Step 2: Install the Intermediate CA certificate

  1. Log in to the Configuration utility.
  2. Click Local Traffic.
  3. Click SSL Certificates.
  4. Click Import
  5. Select Certificate from the Import Type menu.
  6. Click the Create New option.
  7. Type a unique name for the Certificate Name.
  8. Click Browse and navigate to the intermediate cert file.
  9. Click Open.
  10. Click Import.  

Step 3: Install the SSL Certificate 

  1. In the navigation pane, click Proxies.
  2. On Proxies screen, click the Install SSL Certificate Request tab. The Install SSL Certificate screen opens.
  3. In the Certfile Name box, enter the fully qualified domain name of the server with the file extension .crt. If you generated a temporary certificate when you submitted a request, you can select the name of the certificate from the drop down list. This allows you to overwrite the temporary certificate with the new one.
  4. Paste the text of the certificate into the Install SSL Certificate window.
  5. Click Write Certificate File to install the certificate. After the certificate is installed, you can continue with the next step in creating an SSL gateway for the server.

Step 4: Establish the Trust Chain          

  1. Log in to the Configuration utility.
  2. Click Local Traffic.
  3. Click Profiles.
  4. Select Server from the SSL menu.
  5. Select the Server SSL profile to configure.
  6. Select Advanced from the Configuration menu.
  7. Select the appropriate chain certificate from the Chain drop-down box.
  8. Click Update.
  9. Verify your installation with the Symantec CryptoReport.

F5 Support


            For additional information, refer to F5's KB solution: SOL6401