Exchange Certificates on LTM

Hi Fawad,

 

 

The Device Certificate is completely seperate from anything having to do with the Exchange certificates. The Device Certificate is the SSL certificate which is used to encrypt management traffic where needed-- for instance, when connecting https to the F5s web management interface.

 

 

To expand on Nitass' responses a bit...

 

 

2. How do you generate CSR for device certificate? How is the Key request generated? I guess I have to send both of them to CA.

 

Honestly, the self signed Device Certificate which comes on the F5 by default is good enough for most purposes. If you have an internal CA you can generate a CSR for the hostname you've given the device and just import the cert/key.

 

3. I have to generate SSL SAN certificate CSR for Exchange? How do I generate Key along with this?

 

The private key is generated in step 7 and is saved to the file name you provide with the "-keyout" parameter. When you receive the certificate back from the CA, you'll import both the key and certificate into the F5s certificate store and create an SSL profile.

 

Do I need to have both Device Certificate and SSL certificate for it to work properly?

 

No, these items are seperate.

 

5. Is the Key for Device Certificate same as the Key for SSL certificate?

 

They're the same in that they're PKI keys, but the keys will be different as they are generated when a CSR is created.

 

 

I hope this helps.

 

 

John