How to Implement 2 Way SSL in F5 LTM

Generate CSR: Login to F5 active device 

Go to System ›› File Management : SSL Certificate List Click create button and update the details as mentioned below Note: In common name you need to mention FQDN name. If it is not a wildcard certificate then you need to mention as FQDN name. If it is wild card mention * before FQDN. Always select key size as 2048.

B. Download the CSR file and send to vendor

C. Vendor will provide following certificates.

Website certificate --This one you need to import . AddTrustExternalCARoot . UserTrustSAAddtrustCA . Trusted Secure Certificate Authority

D. Now import the certs as mentioned below. System ›› File Management : SSL Certificate List ›› Import

E.Key import details are mentioned below. System ›› File Management : SSL Certificate List ›› Import

Both Cert and key should be same name

Once cert, key and intermediate certs are imported we need to create SSL client profile

F.Configure new SSL certs under Client profile

Create a new profile as mentioned below

Go to Local Traffic ›› Profiles : SSL : Client In Certificate, key and chain select the files which you created Then click Add Once certificate key chain is update, click finished

Most of the times you need to update intermedaite certificate. Then you need to bundle certificates other than website certificate and import and call in SSL client profile chain section.

For Server SSL just assign default existing profile (serverssl-insecure-compatible)