Forum Discussion
NimbostratusCertificate Import and assign for APM F5
We have successfully installed f5 4000 S for SSL VPN with one virtual server for SSL VPN and need to assign ssl certificate for that virtual server. We have one wild card certificate with us. This wild card based on IIS windows. That wild card certificate has one intermediate and root CA.
We have below clarification
- Is IIS based cer can use for F5 APM ?
- Where we need to import intermediate CA cer
- Where we need to import Root CA cer
- Where we need to import wildcard CA cer
- How to assign that certificate to the virtual server.
Please explain and guide us to import and assigning the certificate.
Regards, Mariappan S
Client profile is for SSL profile that faces the client(LTM being the server) and server profile for that facing back end server(LTM being the client).
In your case client profile for the SSL VPN clients and server profile for portal, if you are using it.
8 Replies
kunjanIs IIS based cer can use for F5 APM ?
Yes, you can import the cert in PKCS12 format.
Where we need to import intermediate CA cer
Do the import using the File Management -> SSL Cert Lis -> import
Add this to the cert chain under client profile as you only have one intermediate cert.
Where we need to import Root CA cer
Same as the above. You may not need this if the root cert is trusted by the client.
Where we need to import wildcard CA cer
Same as above
How to assign that certificate to the virtual server.
Create the client SSL profile, attach the wild card cert to cert/key and intermdeiate cert to the cert chain as mentioned earlier.
You may refer this doc.. but the doc talks about 2 intermediate cert.. so creating the bundle not required for your case.
http://support.f5.com/kb/en-us/solutions/public/13000/300/sol13302.html
Mariappan_S_156Thanks kujan. what is the different between server profile and client profile. In above you mention only client profile, what about the server profile. Regards, Mariappan S
kunjan_118660Cumulonimbus
Is IIS based cer can use for F5 APM ?
Yes, you can import the cert in PKCS12 format.
Where we need to import intermediate CA cer
Do the import using the File Management -> SSL Cert Lis -> import
Add this to the cert chain under client profile as you only have one intermediate cert.
Where we need to import Root CA cer
Same as the above. You may not need this if the root cert is trusted by the client.
Where we need to import wildcard CA cer
Same as above
How to assign that certificate to the virtual server.
Create the client SSL profile, attach the wild card cert to cert/key and intermdeiate cert to the cert chain as mentioned earlier.
You may refer this doc.. but the doc talks about 2 intermediate cert.. so creating the bundle not required for your case.
http://support.f5.com/kb/en-us/solutions/public/13000/300/sol13302.html
- Mariappan_S_156Thanks kujan. what is the different between server profile and client profile. In above you mention only client profile, what about the server profile. Regards, Mariappan S
- kunjan
Client profile is for SSL profile that faces the client(LTM being the server) and server profile for that facing back end server(LTM being the client).
In your case client profile for the SSL VPN clients and server profile for portal, if you are using it.
- Mariappan_S_156Thanks Kunjan, We successfully import and understand about the certificate importing.
- kunjan_118660
Client profile is for SSL profile that faces the client(LTM being the server) and server profile for that facing back end server(LTM being the client).
In your case client profile for the SSL VPN clients and server profile for portal, if you are using it.
- Mariappan_S_156Thanks Kunjan, We successfully import and understand about the certificate importing.
