
Danny_Arroyo
Apr 25, 2024

Create a CSR and Key using the BigIP LTM GUI when renewing a certificate

Hi,

I use the F5 BIG-IP LTM to create CSRs and Keys. I submit the CSR to our public CA to obtain the Certificate and then import the generated certificate to the F5. I use the F5 Certificate Management GUI as a database for all of our Public Certificates (as they are all in use in our SSL profiles).

All this is good; however, after 13 months, when it is time to renew the certificate, I use the F5 GUI to renew the CSR. The problem is that the GUI does not allow me to create a new key when using the "Renew" option.


I could use other command line tools for this, but it would be easier to manage in the F5 GUI. Does anyone know if there is a way to renew a certificate from the F5 GUI and have it create a new Key?

For example, click on "System / Certificate Management". Then click on a Public CA Certificate and click "Renew". Fill out the required fields and have it generate a new key.

Any advice is appreciated.

  • Hi Danny_Arroyo,

    When you click the Renew button, a new CSR file is generated with the existing key.

    If you want a different key file:

    • Create new key and CSR files from the menu:

    System > Certificate Management > Traffic Certificate Management : SSL Certificate List > New SSL Certificate...

    • Get the signed SSL certificate from the Authority.
    • Create a PFX file with the certificate and key file.
    • Overwrite the PFX file (new certificate and key) with the existing files.

    System > Certificate Management > Traffic Certificate Management : SSL Certificate List > Import

    Import Type: PKCS 12

    Certificate and Key Name: Overwrite Existing
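
The steps in the reply above, carried out with the OpenSSL command line, as an added example that is not part of the original thread and is not F5 tooling: it generates a fresh key and CSR, confirms that the renewed certificate belongs to the new key rather than last year's, and builds the PKCS 12 file for the Import step. The file names, subject, password and the self-signed stand-in for the public CA are constructed for the demo.

```shell
#!/bin/sh
# Added example. File names, subject and password are constructed placeholders.

# SHA-256 fingerprint of the public key in a private key, CSR or certificate.
pubkey_fp() {  # $1 = key|req|x509, $2 = PEM file
  case "$1" in
    key)  openssl pkey -in "$2" -pubout ;;
    req)  openssl req  -in "$2" -noout -pubkey ;;
    x509) openssl x509 -in "$2" -noout -pubkey ;;
  esac | openssl pkey -pubin -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

# Fresh private key plus a CSR for it: writes $1.key and $1.csr.
new_key_and_csr() {  # $1 = base name, $2 = subject
  ( umask 077
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
      -subj "$2" 2>/dev/null )
}

# Refuse a renewal that reuses the old key or pairs the wrong key and cert.
check_renewal() {  # $1 = old key, $2 = new key, $3 = certificate from the CA
  [ "$(pubkey_fp key "$1")" != "$(pubkey_fp key "$2")" ] ||
    { echo "renewal reuses the old key" >&2; return 1; }
  [ "$(pubkey_fp key "$2")" = "$(pubkey_fp x509 "$3")" ] ||
    { echo "certificate does not match the new key" >&2; return 2; }
}

# Bundle key and certificate as PKCS #12; password is read from $PFX_PASS.
make_pfx() {  # $1 = key, $2 = certificate, $3 = output .pfx
  ( umask 077
    openssl pkcs12 -export -inkey "$1" -in "$2" -out "$3" -passout env:PFX_PASS )
}

demo() {
  d=$(mktemp -d) || return 1
  PFX_PASS='constructed-demo-only'; export PFX_PASS
  new_key_and_csr "$d/old" "/CN=www.example.test"   # last year's key
  new_key_and_csr "$d/new" "/CN=www.example.test"   # this year's key and CSR
  # Stand-in for the public CA: self-sign the CSR so the demo runs offline.
  openssl x509 -req -in "$d/new.csr" -signkey "$d/new.key" -days 30 \
    -out "$d/new.crt" 2>/dev/null
  check_renewal "$d/old.key" "$d/new.key" "$d/new.crt" &&
    make_pfx "$d/new.key" "$d/new.crt" "$d/new.pfx" && echo "ok: $d/new.pfx"
}
demo
```

The resulting `.pfx` is what the Import screen takes with Import Type set to PKCS 12; the password is passed through the environment so it does not appear in the process list.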