Forum Discussion

Piotr_Lewandows's avatar
Piotr_Lewandows
Icon for Altostratus rankAltostratus
Jul 10, 2017

BIG-IQ and certificate management - why certificates are not imported

Hi,   I am quite new to BIG-IQ so maybe this is very obvious question. Anyway I am quite surprised that BIG-IQ is not importing actual certificate files form BIG-IP.   All test done on BIG-IQ 5...
automation
BIG-IP
BIG-IQ
certificate
devops
import
key
manage
security
nathe's avatar
nathe
Icon for Cirrocumulus rankCirrocumulus
Jul 10, 2017

Piotr,

I assume this is BIG-IQ giving you flexibility on what you can do around cert/keys. If you want to manage them from an expiry point of view and they don't need to be on other systems - e.g. other systems aren't going to have them in any client or server ssl profile, then Unmanaged will work.

However, if you do want BIG-IQ to be more of a certificate store, then you will need to import them, as you have found.

You can import the certificate/keys from the BIG-IQ gui itself, from BIG-IQ Device Mgmt Guide, i hope this helps:

 When you discover a BIG-IP® device, BIG-IQ® Centralized Management imports its SSL certificates' properties (metadata), but not the actual SSL certificates and key pairs. These certificates display as Unmanaged on the BIG-IQ Certificates & Keys screen. This allows you to monitor each SSL certificate's expiration date from BIG-IQ, without having to log on directly to the BIG-IP device.
Convert an unmanaged SSL key certificate and key pair to managed so you can centrally manage it from BIG-IQ Centralized Management. This saves you time because you don't have to log on to individual BIG-IP devices to create, monitor, or deploy certificates.
At the top of the screen, click Configuration.
On the left, click LOCAL TRAFFIC > Certificate Management > Certificates & Keys .
Click the name of the unmanaged certificate.
For the Certificate Properties State setting, click the Import button and then:
To upload the certificate's file, select Upload File and click the Choose File button to navigate to the certificate file.
To paste the content of a certificate file, select Paste Text and paste the certificate's content into the Certificate Source field.
For the Key Properties State setting, click the Import button and then:
To upload the key's file, select Upload File and click the Choose File button to navigate to the key file.
To paste the content of a key file, select Paste Text and paste the key's content into the Key Source field.
Click the Save & Close button at the bottom of the screen.
The SSL certificate now displays as Managed on the Certificates & Keys screen.
You can now assign this SSL certificate and key pair to a Local Traffic Manager clientssl or serverssl profile, and deploy it to a BIG-IP device. For more information, refer to the topic titled Deploying Changes.