Forum Discussion
Kesha_50406
Altostratus
AltostratusF5 BIG-IP WebGUI intermediate certificate
I don't see how I can install an intermediate certificate for the F5 BIG IP management WebGUI. The device seems to be using the "Device Certificate" (under System > Device Certificates) for its manag...
dragonflymr
Cirrostratus
CirrostratusHi,
Old post but helpful! Still I am not sure what are necessary for this scenario:
- Stand alone BIG-IP
- private root CA, no intermediates
- Device certificate signed by CA
My guess is that I have to:
- Import device cert and key using System ›› Device Certificates : Device Certificate ›› Device Certificate Import (seems that key should be set without password) - that is obvious. Probably should be done as second step after using Trusted Device Certificates Import?
- What next?
- Import private CA cert using Trusted Device Certificates Import with Replace option (right now there is self-signed cert generated automatically during setup), is there any reason to use Append in such situation?
- Copy private CA cert to /config/httpd/conf/ssl.crt/ folder
- Use tmsh modify sys httpd ssl-certchainfile conf/ssl.crt/privateCA.crt - is this step really necessary? What is difference between this step and step with Trusted Device Certificates? Should ssl-certchainfile be used or ssl-ca-cert-file can be used when no chain file is necessary?
Piotr
