SSL Certificate Installation Oleh Logicalis Metrodata Indones ©2015


Embed Size (px)



Citation preview

PowerPoint Presentation

SSL Certificate InstallationOleh Logicalis Metrodata Indonesia 2015Create SSL CertificateLogin to F5 Web GUIGo to System > File Management:SSL Certificate ListClick CreateChoose it is issued local or by Certificate Authority (CA)Then insert the Name, the Common Name, and fill in all the rest blank field. Chose Key size, default 2048 bitsThen click Create

Download the CSR

To finish creating the SSL certificate, you should download the CSR (in this figure test.csr) in order to request certificate from the CA.Klik Finished

Export Key

Before you get certificate from CA, you should export the Key Go to System > File Management : SSL Certificate List > choose the cert that have been createdClick the Key tabChoose exportDownload the .key file

SSL Cert from CA

CA(in this example verisign) will send two kind certificate that is .cer and .p7b.cer is the private certificate that you need to import into your F5.p7b is the public certificate that contain root certificate and intermediate certificate.p7b cannot directly import to F5, you need to convert it to .pem using online converter (sslshopper.com) or using F5 from cli with this command openssl pkcs7 -in -text -out .pem print_certs.pfx is certificate that generate from the IIS server..pfx actually can be import directly to F5 by choosing the PKCS12 or it can be convert to .pem using online converter (sslshopper.com) or using F5 from cli with this command openssl pkcs12 -in -out .pem nodes (-nodes used to not include the key)

Import the SSL certificate

You can import the certificate by go to System > File Management: SSL Certificate List > choose the file or click importAfter choose the file then click import and choose the file Then click ImportDo not forget to import the key that have you been download by click Key tab then click Import and choose the file.keyFor certificate form IIS server you can see the line BEGIN RSA PRIVATE KEY ===================Xxxxx===================END RSA PRIVATE KEYCopy that line into notepad and save it to file.key format and import it or by converting to .pem using .pem as lie as file.key

SSL Profile

SSL Profile is needed to assign SSL certificate to Virtual Server, there is 2 types of SSL Profile that is Client and Server.SSL Client Profile enables the BIG-IP system to accept and terminate client requests that are sent using a fully SSL-encapsulated protocol and provides a number of configurable settings for managing client-side Secure Socket Layer (SSL) connections.SSL Server Profile enables the BIG-IP system to initiate secure connections to your SSL servers by using a fully SSL-encapsulated protocol and providing configurable settings for managing server-side SSL connections.

Creating SSL Profile

Go to Local Traffic > Profile : SSL :Client/ServerClick Create or Choose FileFill and chose the name, partition, parent profile, certificate, key and chain(optional).Chain is used to specify a certificate bundle or chain the client can use to establish a trust relationship with a server that presents a certificate signed by an untrusted Certificate Authority (CA).

Assign SSL Profile to a Virtual Server

Go to Local Traffic > Virtual Server Choose the server where the certificate will be deployed.There are available SSL Profile choose the certificate that you want by select and click the arrow buttonThen Click Update