Entrust Certificate Services Support Knowledge BaseLast Modified: 2016-09-02 12:54:20.0
How is the Server Certificate installed on F5 BIG IP?
Article Number: 46355Before you begin
- Make sure you back up your Apache configuration files before making any changes. If you are replacing an existing certificate, do not delete the existing certificate or private key files in case you need to revert your previous configuration.
- Never share private keys files.
- If you plan on using the same certificate on multiple servers always transfer the private key using a secure method (e-mail is not considered a secure method of transfer).
- It is best practice to ensure that you have current and up to date Ciphers and Protocols to ensure the best security when deploying a new Private key and Server Certificate.
- Make sure you run the SSL Server Test at the end of the installation process to check your certificate configuration against SSL/TLS Best Practices.
1. Click the Download button in the pickup wizard to download your certificate files. Clicking the download button will produce a a zip file that contains the following files:
- ServerCertificate.crt: Your signed SSL/TLS certificate
- ChainBundle1.crt: The Entrust Certificate chain bundled in a single file
How is the Server Certificate installed on F5 BIG-IP?
To install the Server Certificate, complete the following steps:
** Note these steps are based on F5 BIG-IP 9.4.8
Part 1 – Import the Server Certificate
- Copy and paste the Server Certificate (including the BEGIN and END tags) into a text editor such as Notepad and save it on your Local Computer.
- Launch the F5 BIG-IP web GUI.
- On the Main tab, expand Local Traffic.
- Click SSL Certificates. The list of existing certificates displays.
- Click on the name assigned to the certificate while creating the CSR.
- Click Import.
- In the Certificate Source box, browse to the location of your Server Certificate file.
- Click Import. The Certificate & Key information now appears in the Certificate List.
Part 2 – Update the Client SSL Profile
- On the Main tab of the F5 BIG-IP web GUI, expand Local Traffic and then click Profiles.
- On the Menu bar, from the SSL menu, select Client.
- Create or open the SSL Profile that you will be using with this certificate.
- From Configuration list, select Advanced.
- In the Configuration section, check the Custom box to the right of both Certificate and Key.
- From the Certificate list, select the name of the Server Certificate from the drop down list.
- From the Key list, select the name of the Key from the drop down list.
- Scroll to the bottom and click on Finished or Update to save the configuration.
- Entrust Certificate Services 1 Year Advantage SSL Certificate Version Not Applicable Language Not Applicable Platform Not Applicable