For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Nitesh's avatar
Nitesh
Icon for Cirrus rankCirrus
Aug 12, 2021

Question on CSR and SSL

Please someone help me clear below doubt. Below is the scenario i am demonstrating in LAB. 1) I have generated CSR on LTM and provided to CA (CA is my Windows server 2012) 2)With the help of open S...
application delivery
BIG-IP
csr
ssl
SSL Orchestrator
Mike757's avatar
Mike757
Icon for MVP rankMVP
Aug 20, 2021

Hi Nitesh

 

I think you made some error here: "i generated public and private key pair and signed the CSR".

 

When you create a CSR, you do so based on a private key. If you created the CSR in BIG-IP, the private key is automatically created for you, and stored there.

 

If you create a public certificate based on a new private key you generated elsewhere, it will never match the private key stored in BIG-IP.

 

When you use public CAs, the whole point of using a CSR is that you don't ever have to share the private key. The concept here is similar - you provide the CSR so the CA signs it. No new private key is created.

 

About importing CA certificates to a test client, be aware that Firefox uses its own CA list. IE/Edge/Chrome use windows certificate store. You should import your CA certificate to either user or computer certificate store, under "Trusted Root Certification Authorities > Certificates".

 

Hope it helps.

 

Mike