Hi Friends, In past, we are sucessfully creating SSL certifiacte in F5 through generating RSA private key and send this key to our internal CA (Certifying Authority) who generates SSL certificate for us then we import this certificate to our F5 device. And all works fine. Now the problem is we have one client whose requirements is different hence we need to generate ssl certifiacte from third party vendor (verisign) for us. For this, vendor (verisign) requires public key(CSR file) for creating SSL certifiacte for us. Kindly provide us the procedure to generate Public key (CSR file) in F5. As per our knowledge only private key is generated by F5. Kindly suggest us that there is any other options to generate public key in F5 device. Thanks

Dilip, Are you referring to create a CSR file from BigIP?. To generate - Main tab, expand Local Traffic, and click SSL Certificates. On the upper-right portion of the screen, click Create.

Moving to ADVDC General Discussion

As Renith suggested, you can generate a new private key and a CSR via the GUI. You could also do this using openssl or any other cert/key tool if you wanted to. You would then import the key (and cert once you receive it from the CA). Aaron

Hi , Thanks a lot friends, Now i got the CSR file which is under /config/ssl/ssl.csr folder. Actually i need public key ( also known as CSR file) which i m not able to see through GUI. Only private key i m able to download through GUI (as per i known). If there is any way to get CSR file from GUI itself then kindly let me know. Thanks again Dilip

Dilip, Create the CSR file from the GUI (that's the way I did it), download the CSR file and then on Verisign's website you can upload it here. They will then send you back the signed certificate for you to re-import. I remember when I did this I had to convert it from a .pfx file to a .pem file first (sol6549) and then the instructions said to split into it's 2 parts (cert and key) but this didn't work for me. I just did an import of the .pem file and this worked a treat to create the two parts. N

Public Key( CSR ) generation for SSL certificate in F5

Galactico_76554
Nimbostratus
Apr 05, 2010
Dilip,

Are you referring to create a CSR file from BigIP?.

To generate -

Main tab, expand Local Traffic, and click SSL Certificates.

On the upper-right portion of the screen, click Create.
JRahm
Admin
Apr 05, 2010
Moving to ADVDC General Discussion
hoolio
Cirrostratus
Apr 06, 2010
As Renith suggested, you can generate a new private key and a CSR via the GUI. You could also do this using openssl or any other cert/key tool if you wanted to. You would then import the key (and cert once you receive it from the CA).

Aaron
Dilip_bhapkar06
Nimbostratus
Apr 07, 2010
Hi ,

Thanks a lot friends,

Now i got the CSR file which is under /config/ssl/ssl.csr folder.

Actually i need public key ( also known as CSR file) which i m not able to see through GUI. Only private key i m able to download through GUI (as per i known).

If there is any way to get CSR file from GUI itself then kindly let me know.

Thanks again

Dilip
nathe
Cirrocumulus
Apr 07, 2010
Dilip,

Create the CSR file from the GUI (that's the way I did it), download the CSR file and then on Verisign's website you can upload it here. They will then send you back the signed certificate for you to re-import. I remember when I did this I had to convert it from a .pfx file to a .pem file first (sol6549) and then the instructions said to split into it's 2 parts (cert and key) but this didn't work for me. I just did an import of the .pem file and this worked a treat to create the two parts.

N
Bauke_7242
Nimbostratus
Jun 25, 2010
Jason, need some help...

1- How do you generate a CSR certificate in PEM Format ( in F5-A) to be sent to CA?

2- How do you import a certificate received from CA to a second machine (F5-B)?

Thanks

bauke
JRahm
Admin
Jun 25, 2010
Solution 10167 (Click Here) links to several other solutions that should help you achieve your request. Assuming F5-A and F5-B are an HA pair, then you just sync the box to copy over once te certificate is installed.
Ashish_Ram_Tak1
Nimbostratus
Dec 06, 2012
Hello All,

Can any one tell me that while generating .CSR one key associated with that .CSR is generated. Is it a public key or private key??

Regards,

Ashish Takawale.
nathe
Cirrocumulus
Dec 06, 2012
Ashish

When doing a CSR the F5 will create a private/public key pair. It will generate a key file - which will be the private key and a CSR which will include the public key - you send this to the Certificate Authority, for example.

Hope this helps,

N
Ashish_Ram_Tak1
Nimbostratus
Dec 06, 2012
Thanks Nathan could you please let me know how this public and private key works?