Forum Discussion
newbief5_162606
Cirrus
CirrusImport SSL Cert
How to import SSL cert bundles and keychains to another LTM?
Ref: https://support.f5.com/kb/en-us/solutions/public/14000/600/sol14620.html
Section 'Importing an SSL certificate'
First you export the certificate or private key as .txt (Ctrl + C for copy), and then you import it to another BigIP as txt (Ctrl + V paste). It's a lot more complicated with FIPS module, but I assume you don't use it.
Hannes_Rapp_162Nacreous
Ref: https://support.f5.com/kb/en-us/solutions/public/14000/600/sol14620.html
Section 'Importing an SSL certificate'
First you export the certificate or private key as .txt (Ctrl + C for copy), and then you import it to another BigIP as txt (Ctrl + V paste). It's a lot more complicated with FIPS module, but I assume you don't use it.
- newbief5_162606What about key chains and certificate bundles?
- newbief5_162606I am trying to import my SSL certs from one LTM to another LTM. I am able to import the single certs, however trying to figure out how to import the bundle certs.
- Hannes_Rapp_162Exactly the same way, there's no difference in the procedure if you use the copy/paste method. If you export as files, you will need to paste each of the individual certificates (one after another) to a notepad file, and then import that merged result. Notice that in a single certificate you have one BEGIN and one END tag; in a bundle cert, you have more.
Hannes_RappNimbostratus
Ref: https://support.f5.com/kb/en-us/solutions/public/14000/600/sol14620.html
Section 'Importing an SSL certificate'
First you export the certificate or private key as .txt (Ctrl + C for copy), and then you import it to another BigIP as txt (Ctrl + V paste). It's a lot more complicated with FIPS module, but I assume you don't use it.
- newbief5_162606What about key chains and certificate bundles?
- newbief5_162606I am trying to import my SSL certs from one LTM to another LTM. I am able to import the single certs, however trying to figure out how to import the bundle certs.
- Hannes_RappExactly the same way, there's no difference in the procedure if you use the copy/paste method. If you export as files, you will need to paste each of the individual certificates (one after another) to a notepad file, and then import that merged result. Notice that in a single certificate you have one BEGIN and one END tag; in a bundle cert, you have more.
Samir_Jha_52506Noctilucent
Hi Newbief5,
It very easy to import though GUI.
System-->File Management--> SSL --> Import--> Select "cert" & fill details.
- Misa_222415
Hi,
There is a risk way to import all SSL to a new LTM.
- Take a UCS file of your old LTM.
-
Take the master key of your old
(Copy that)bash f5mku –K -
reKey your new LTM with the old LTM’s key
f5mku –r <paste the masterkey of your old LTM> -
Import the UCS file from your old LTM to your new LTM
-
Restore the UCS file on your new LTM:
tmsh load sys ucs <name of ucs>.ucs no-license no-platform-check reset-trust -
Deleting all other configuration elements that you don’t want
-
All SSL profiles will be there.
Do not do this if the new LTM is already productive. This procedure is applicable just if you need all SSL on another LTM no matter what.
- Samir_Jha_52506ucs doesn't contain SSL Key & cert file. If you need to move all key/cert to other LTM system then use archive method.
- Misa_222415Hi Samir Jha, I've done this several times, and yes it is possible.