Forum Discussion

mulhollandm_648's avatar
mulhollandm_648
Icon for Nimbostratus rankNimbostratus
Aug 26, 2009

Server Cert install problems

folks     i'm having difficulties installing a server cert on my F5 4300     i have generated the csr and sent it to my CA (an internal PKI server) but when i get the Base64 cert...
config
design
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Aug 26, 2009
Are the cert and key PEM encoded? If not, you'll need to convert them to PEM first. You can use openssl on LTM to do this. Just search for convert certificate on AskF5.

 

 

If the cert/key are in PEM format, you should see the following format:

 

 

 

-----BEGIN CERTIFICATE-----

 

MIIEPzCCA6gCAQEwDQYJKoZIhvcNAQEEBQAwgaMxCzAJBgNVBAYTAkVYMRYwFAYD

 

YEAUAk16xvH2y3cS3Zf3TVQA7lu4JGqiP8YBRjhHvvZwOm3IAYMlZ7OsURGEZkC

 

...

 

EeCDRJvnwAk1PK8YUJk5dWBF7u30ndaQ+Bov1vlAy1qGrTpg/N79rdqSjnU881Tb

 

JdhGUTzpSZKIwLLckSkxkzP/65NG6IxOr+i1oAVkBdJ1N48=

 

-----END CERTIFICATE-----

 

 

 

 

If you see multiple certs in the file, you'll want to split out the actual server cert from the rest. You can use openssl to print out details on the cert:

 

 

openssl x509 -in server.example.com.crt -noout -text

 

 

Check for the certificate subject to see which cert is which. Then copy out just the server cert. You can either copy the file to /config/ssl/ssl.crt/ or upload it via the GUI.

 

 

Once you have just the server cert imported, you can try to import the key through the GUI as well.

 

 

Aaron