Install internal company security certificate on BIG-IQ.

Question

Hi,&nbsp;
I try to install company internal certificate on BIG-IQ.
I used the K14499.pdf but it still doesn't work.
If I open https to BIG-IQ I get a certificate error.&nbsp;
Here the steps that I did:&nbsp;

Generated a random number file&nbsp;

Created a client certificate key&nbsp;

Created a client certificate signing request (CSR)&nbsp;

Used the CSR to generate certificate and chain on internal certificate service solution and copied it to BIG-IQ (certnew.cer and certnew.p7b)&nbsp;

Imported the CA certificate in tmsh crypto and saved it. After this the server was rebooted .&nbsp;

Unfortunately if I open a browser and connect to the BIG-IQ the same certificate error appears:
"There is a problem with this website’s security certificate.
The security certificate presented by this website was issued for a different website's address.
The security certificate presented by this website was not issued by a trusted certificate authority".&nbsp;
It looks like the new certificate wouldn't be installed correctly.
K14499.pdf is written for BIG-IP devices. Is there any instruction for BIG-IQ 5.1?&nbsp;
Reg.
Janus&nbsp;

dragonflymr · Answer

Hi,&nbsp;
Simple question, did you review data about certificate presented by browser? If so is BIG-IQ returning certificate you installed (check cert serial) or default one?&nbsp;
If BIG-IQ is returning newly installed cert then issue is somewhere else. If you are using self signed cert (if I am not wrong from your description) then no browser accept such certificate as safe.&nbsp;
Actually it quite hard to convince some browser that certificate is trusted even if created by internal CA with CA root cert imported into Trusted in browser - some browsers just require your CA cert to be signed by well known authority - at least my experience. &nbsp;
Piotr&nbsp;

amintej · Answer

Hi, another simple question did you check common name and subject alternative name is equal to the domain you are using for accesing big iq ?
"There is a problem with this website’s security certificate. The security certificate presented by this website was issued for a different website's address. "&nbsp;

janus-paul · Answer

Hi,&nbsp;
yes I did. It is exactly issued for this server (including the domain).&nbsp;
Reg.&nbsp;
Janus&nbsp;

amintej · Answer

Ok, and also subject alternative name ? In case yes, it seems a problem with the CAs verification.&nbsp;

janus-paul · Answer

Hi,&nbsp;
finally I solved this issue. It was simpler than I expected.
I found the instruction in K52425065.
It was enough to copy the new certificate to /config/httpd/conf/ssl.crt/server.crt and restart the webd.&nbsp;
Thank you for all posted help.&nbsp;
Reg.&nbsp;
Janus&nbsp;

Forum Discussion

Install internal company security certificate on BIG-IQ.

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

My Security+ Certification Journey

APM Security: Protecting Internal Resources Using ACLs

Re: Management Certificate

Adaptive Apps: Replicate & deploy WAF application security policies across F5's security portfolio

Auditing Security Policy Updates

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS