Forum Discussion

4 Replies

  • It depends a bit on what you want the certificate to be used for (LTM, device certificate, certificate to be used for inter-device communication, i.e. via iQuery). Especially if your certs are NOT to be used for LTM, the signing certificate authority must adopt the requested attributes in the CSR.

    When using subject alternative names, it might be necessary to switch to the command line to create a new CSR (the consumer parameter specifies the purpose of the new certificate):
    tmsh create sys crypto key gen-csr "" consumer ltm key-size 2048 \
    city "" state "" country "" \
    organization "" ou "your_org_unit" \
    subject-alternative-name "DNS:,DNS:" \
    common-name ""
    

    A CSR will be created. The related private key will be found in the TMOS filestore. Please do NOT append an extension like .key, .crt or .csr to the "".

    Only the common-name is mandatory.
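
Added example, not part of the reply above: a shell check for the reply's point that the signing CA must adopt the attributes requested in the CSR, comparing the SANs in a CSR with those in the issued certificate. It assumes OpenSSL 1.1.1 or later on an admin workstation; the function names, file names and `example.test` hostnames are constructed, and a self-signed OpenSSL run stands in for the CA.

```shell
#!/bin/sh
# Added example: confirm an issued certificate carries every SAN the CSR asked for.
# File names and *.example.test hostnames are constructed for this sketch.

# Print the DNS SANs of a CSR ("req") or certificate ("x509"), one per line, sorted.
san_list() {
    openssl "$1" -in "$2" -noout -text 2>/dev/null |
        grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed 's/^ *//' | grep '^DNS:' | sort
}

# Return 0 only if every SAN requested in the CSR ($1) is present in the cert ($2).
sans_adopted() {
    want=$(san_list req "$1")
    have=$(san_list x509 "$2")
    [ -n "$want" ] || return 2          # the CSR requested no SANs at all
    for name in $want; do
        printf '%s\n' "$have" | grep -qxF "$name" || { echo "missing: $name"; return 1; }
    done
}

# Constructed offline sample: one CSR, one cert that keeps the SANs, one that drops them.
make_samples() {
    d=$1
    san='subjectAltName=DNS:www.example.test,DNS:api.example.test'
    openssl req -new -newkey rsa:2048 -nodes -keyout "$d/k.pem" -out "$d/req.csr" \
        -subj '/CN=www.example.test' -addext "$san" 2>/dev/null
    printf '%s\n' "$san" > "$d/ext.cnf"
    # Stand-in CA (self-signed). x509 -req does not copy CSR extensions by default,
    # so only the run with -extfile ends up with the SANs.
    openssl x509 -req -in "$d/req.csr" -signkey "$d/k.pem" -days 1 \
        -extfile "$d/ext.cnf" -out "$d/good.pem" 2>/dev/null
    openssl x509 -req -in "$d/req.csr" -signkey "$d/k.pem" -days 1 \
        -out "$d/dropped.pem" 2>/dev/null
}

tmp=$(mktemp -d)
make_samples "$tmp"
sans_adopted "$tmp/req.csr" "$tmp/good.pem" && echo "good.pem: all requested SANs present"
sans_adopted "$tmp/req.csr" "$tmp/dropped.pem" || echo "dropped.pem: SANs were not adopted"
rm -rf "$tmp"
```

Point `sans_adopted` at the CSR exported from the device and the certificate returned by the CA before importing it.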
  • While it is possible through LTM, I have found it much easier to use this free tool here: https://www.digicert.com/util/

     

    I have to deal with a lot of certs and renewals, etc. This tool is really intuitive to use to import, renew, generate CSRs, export private keys etc. If you have to deal with them a lot it may be worth taking a look at.