Forum Discussion
Dilip_bhapkar06
Nimbostratus
NimbostratusPublic Key( CSR ) generation for SSL certificate in F5
Hi Friends,
In past, we are sucessfully creating SSL certifiacte in F5 through generating RSA private key and send this key to our internal CA (Certifying Authority) who generates SSL certificate for us then we import this certificate to our F5 device. And all works fine.
Now the problem is we have one client whose requirements is different hence we need to generate ssl certifiacte from third party vendor (verisign) for us. For this, vendor (verisign) requires public key(CSR file) for creating SSL certifiacte for us.
Kindly provide us the procedure to generate Public key (CSR file) in F5.
As per our knowledge only private key is generated by F5. Kindly suggest us that there is any other options to generate public key in F5 device.
Thanks
13 Replies
Galactico_76554Dilip,
Are you referring to create a CSR file from BigIP?.
To generate -
Main tab, expand Local Traffic, and click SSL Certificates.
On the upper-right portion of the screen, click Create.- JRahm
Admin
Moving to ADVDC General Discussion 
hoolioCirrostratus
As Renith suggested, you can generate a new private key and a CSR via the GUI. You could also do this using openssl or any other cert/key tool if you wanted to. You would then import the key (and cert once you receive it from the CA).
Aaron
Dilip_bhapkar06Hi ,
Thanks a lot friends,
Now i got the CSR file which is under /config/ssl/ssl.csr folder.
Actually i need public key ( also known as CSR file) which i m not able to see through GUI. Only private key i m able to download through GUI (as per i known).
If there is any way to get CSR file from GUI itself then kindly let me know.
Thanks again
Dilip
natheCirrocumulus
Dilip,
Create the CSR file from the GUI (that's the way I did it), download the CSR file and then on Verisign's website you can upload it here. They will then send you back the signed certificate for you to re-import. I remember when I did this I had to convert it from a .pfx file to a .pem file first (sol6549) and then the instructions said to split into it's 2 parts (cert and key) but this didn't work for me. I just did an import of the .pem file and this worked a treat to create the two parts.
N
Bauke_7242Jason, need some help...
1- How do you generate a CSR certificate in PEM Format ( in F5-A) to be sent to CA?
2- How do you import a certificate received from CA to a second machine (F5-B)?
Thanks
bauke- JRahmSolution 10167 (Click Here) links to several other solutions that should help you achieve your request. Assuming F5-A and F5-B are an HA pair, then you just sync the box to copy over once te certificate is installed.
Ashish_Ram_Tak1Hello All,
Can any one tell me that while generating .CSR one key associated with that .CSR is generated. Is it a public key or private key??
Regards,
Ashish Takawale.- natheAshish
When doing a CSR the F5 will create a private/public key pair. It will generate a key file - which will be the private key and a CSR which will include the public key - you send this to the Certificate Authority, for example.
Hope this helps,
N - Ashish_Ram_Tak1Thanks Nathan could you please let me know how this public and private key works?
