Install a certificate on a F5 platform (BIG-IP , Firepass, ...)
You received your certificate by email with one or several intermediate certificates and a root certificate. Keep this email within reach.
1- Retrieve your certificate(s) on your server
Download the files indicated in the delivery email, or go to the certificate status page and click on the "View certificate" button:
- A: your server certificate (.cer file)
- B: the certification chain ("See the certification chain" button)
For recent Big-IP servers
For recent versions of Big-IP, you can directly import a file in PKCS12 format (.pfx) which contains your certificate, the certification chain as well as your private key.
To obtain it, you can generate a PFX file using our KeyBot tool if your certificate request (CSR) was generated directly from the order form.
Otherwise you can generate a PFX file with the help of a tool like OpenSSL. See our documentation: Make a pkcs12 (.pfx or .p12) from files for OpenSSL
2- Install the certificate
Log into your F5 administration interface:- F5 BigIP:
- Go to the SSL Certificate List page which is:
- On BIG-IP 13.X : System > Certificate Management > Traffic Certificate Management > SSL Certificate List
- On BIG-IP 12.X : System > File Management > SSL Certificate List
- Select Import
- In the import type, select Certificate
- In the field Certificate Name, select Create New and choose a unique name for your certificate, or select Overwrite Existing to replace an existing certificate. From the list, choose the certificate to replace.
- In Certificate Source, select Upload file and go find the path where your certificate is stored. Or you can choose the option Paste text for copy paste the contents of your certificate.
- Click on Import.
- F5 Firepass:
- Go to Device Management: Security: Certificates page: Renew/Replace SSL Server Certificate
- Click on Install
- Fill in the content of your certificate and your private key in the corresponding fields
- In the field Optionally, put your intermediate certificate chain here (in the PEM format), enter the content of your intermediate certificate (s) and the root certificate.
- Finally click on Go
4- Activation on F5 BigIP
- Create a SSL Profile
- select the certificate and its intermediate
- Open SSL Profile
- In Configuration, select Advanced
- Select the concerned certificate
- Select the corresponding private key
- In Trusted Certificate Authorities, select the chain file
- Save and quit
External links
- Support F5: Configuring the BIG-IP system to use an SSL chain certificate (11.x - 15.x)
- Support F5: Obtaining and installing third-party SSL certificates (Legacy)
- Support F5: Configuring OCSP on Big-IP
- Comodo support: Install a SSL certificate on BIG-IP
- Comodo support: Certificate Installation: F5 Firepass
- GlobalSign support: Install your Certificates in F5 Big IP
- Thawte support: Install a Thawte certificat on BIG IP F5 9.X or 10.X
- Update your F5 / BigIP firmware