GavinW_29074
Jan 11, 2012

Create SSL CSR Against existing Key

Hi there,

We're coming from an existing Apache set-up, whereby all CSRs were generated by OpenSSL on a Linux server against a defined Private Key. This meant that these certificates were easily transferable between web servers which all shared a common Private Key...

From looking at the F5s, it appears that on generating a CSR, it's not possible to specify a Private Key to use... Obviously this means that each certificate has a different private key, which means that moving it to another server, Apache instance or DR F5s becomes a bit more complex...

Is it possible to specify that the F5 uses a pre-existing Private Key when generating a CSR?

Or is there an equally easy way to move keys from one F5 to another, etc...

Cheers

Gav

  • All private keys, CSRs and certificates are stored in the /config/ssl directory. You are able to run openssl against them.
  • Ok, so it's technically possible but relies on us dropping into the command line...

    Mmm, will have to review that a bit further :)

    Cheers

    Gav

  • If you have an existing cert and key imported to LTM and renew the cert, it should use the existing key. I'd test this with a dummy cert/key first, but I think it should work like that. Else, like Nitass says, you can use openssl to do this on the CLI.

    Note that in v11, not all of the cert/key files are stored in /config/ssl/. They're now under /config/filestore/files_d/Common_d/ with links for default.crt, default.key, ca-bundle.crt going back to /config/ssl/. And you must use the GUI or tmsh to import certs and keys into the filestore. Modifying files in the filestore and reloading the config doesn't work anymore...

    Aaron
  • Aaron

    Cheers for the update.

    Will run some further tests I think...

    Gav
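
The openssl approach suggested in the replies, as an added example that is not part of the original thread: it creates a CSR from an already existing private key and checks that the CSR really carries that key's public half. The file names, the subject and the freshly generated stand-in keys are assumptions made for the demonstration.

```bash
#!/bin/sh
# Added example: CSR from a pre-existing private key, plus a key/CSR match check.
# File names and subjects are placeholders; the keys are constructed for the demo.

# SHA-256 of the DER public key derived from private key file $1.
key_pub_fp() {
    openssl pkey -in "$1" -pubout -outform DER 2>/dev/null |
        openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 of the DER public key embedded in CSR file $1.
csr_pub_fp() {
    openssl req -in "$1" -noout -pubkey 2>/dev/null |
        openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Write a CSR for subject $2 to $3, signed with the existing key $1.
make_csr() {
    openssl req -new -sha256 -key "$1" -subj "$2" -out "$3"
}

# True only if CSR $2 has a valid self-signature and was built from key $1.
csr_matches_key() {
    openssl req -in "$2" -noout -verify 2>&1 | grep -q "verify OK" || return 1
    [ "$(key_pub_fp "$1")" = "$(csr_pub_fp "$2")" ]
}

new_demo_key() {   # constructed RSA key standing in for a real one
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1" 2>/dev/null
}

demo() (
    umask 077                      # key files readable by the owner only
    tmp=$(mktemp -d) || exit 1
    new_demo_key "$tmp/shared.key" # stand-in for the key the servers share
    new_demo_key "$tmp/other.key"  # unrelated key, must not match
    make_csr "$tmp/shared.key" "/CN=www.example.com" "$tmp/www.csr"
    rc=0
    if csr_matches_key "$tmp/shared.key" "$tmp/www.csr"
    then echo "www.csr was built from shared.key"; else rc=1; fi
    if csr_matches_key "$tmp/other.key" "$tmp/www.csr"
    then rc=1; else echo "www.csr was not built from other.key"; fi
    rm -rf "$tmp"
    exit "$rc"
)

demo
```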