Extract CSR for SSL Certificate

A previous one? You can't. AFAIK it's not saved anywhere.

 

 

You can however generate a NEW CSR for an existing key. But if your aim is to get a certificate renewal, I'd recommend generating a NEW keypair and use the CSR from that. (There's no real requirement to get a copy of a CSR. It's only of use to request a signed certificate from a CA. Once signed, you just need the cert and the private key).

 

 

H

Actually... I lie...

 

 

BigIP (10.2.1) saves the CSR's in /config/ssl/ssl.csr

 

 

H

Hi,

 

 

Yes I am trying to generate a CSR for renewal of an existing certificate. So do I need to export the existing Key ti get there.

 

 

There is an option to "Renew" how will that work

 

 

Thanks

Hi Chirag,

 

 

Clicking renew will generate a new CSR with the existing key. If you want to create a new key and CSR, you can use this process:

 

 

sol7573: Renewing a Certificate Authorities signed certificate that requires a new key without overwriting the current key and certificate

 

http://support.f5.com/kb/en-us/solutions/public/7000/500/sol7573.html

 

 

And be aware of this:

 

 

sol10561: The BIG-IP system may not use a renewed SSL certificate

 

http://support.f5.com/kb/en-us/solutions/public/10000/500/sol10561.html

 

 

Aaron

I always insist on a new keypair... It's no trouble to do and so much safer if old backups etc get compromised.

 

 

You also get to increase the keylength...

 

 

H

The CSR can be generated by creating a new SSL certificate. Go to LTM, SSL Certificates & then select create & once you press finish after filling in the details a CSR is generated which can be used for getting the certificate from the Certificate Authority e.g. Verisign.