Forum Discussion
genseek_32178
Nimbostratus
Feb 05, 2013
SSL Cert
Hi Experts,
We have a Virtual listening on 443, and we are expected to apply a clientssl profile to the VS. But we are told that before we apply the profile, we need to copy the .crt to the box if it is not there already.
How can we check if the cert is there already or not? If not there, how do we copy the .crt to the box? What is the command?
thanks-genseek
7 Replies
- Hamish
Cirrocumulus
Does the cert and private key already exist somewhere else (i.e. are you moving this SSL from another server to the BigIP?). If so, then you simply need to export the cert and key from the original location and import them into the BigIP. If you look under the Local Traffic menu of the BigIP, there's an item for SSL certificates. In there you can import keys and certificates.
If it's a new cert you need, then create a new key from the BigIP GUI (at least 2048 bits in length) with the correct CN and other info, then submit the CSR (Certificate Signing Request) to a suitable CA, pay them some dosh and they'll send you a signed cert. You then import that into the BigIP.
Once the cert and key are on the BigIP you just need to create a new clientssl profile and attach that to the VS you want to have perform the SSL offload function.
H
- genseek_32178
Nimbostratus
Thank you for the response Hamish.
Can we export keys and cert using the bigpipe CLI command line? If yes, what would be those commands?
- What_Lies_Bene1
Cirrostratus
Any files should be in the PEM format, although I think PKCS12 is now supported too, in v11?
- Hamish
Cirrocumulus
Are you moving from one BigIP to another? If so, save as an archive, and then just load the archive.
H
- genseek_32178
Nimbostratus
No, it is from a server to the BigIP.
- Hamish
Cirrocumulus
Right. So you need to export the SSL cert and key from the server (obviously no BigIP CLI command there) and import them into the BigIP. Make sure they're exported in PEM format to save trouble.
H
- Hamish
Cirrocumulus
Doubly & triply make sure that when the SSL key is exported and provided to you it isn't emailed or anything silly like that. The key is just that. A key. If it's compromised, generate a new key and CSR and get it signed. Get the compromised one REVOKED by the CA who signed it. You DO NOT want to have your private key out there (with it anybody can spoof you and decrypt the traffic to your server).
H
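Two pieces of advice in this thread are worth checking mechanically before the .crt and .key are copied anywhere: Hamish's "make sure they're exported in PEM format" and his warning about private-key handling. The script below is an added example (not code from this thread, from F5, or from the BIG-IP itself) that runs with only the Python standard library on the workstation holding the exported files. It confirms each file is PEM rather than binary DER/PKCS#12, that the certificate file does not accidentally carry the private key, that the key file holds exactly one key (and flags it if it is passphrase-protected), and that the key file is not readable by other users. The `FAKE_DER` payload and the sample files it writes are constructed placeholders (a minimal ASN.1 SEQUENCE), not real certificates or keys; `check_pair`, `pem_blocks` and `run_demo` are names chosen here, not F5 tooling.

```python
"""Pre-copy sanity checks for an exported PEM cert/key pair (added example)."""
import base64
import os
import re
import stat
import tempfile

PEM_RE = re.compile(
    r"-----BEGIN (?P<label>[A-Z0-9 ]+)-----(?P<body>.*?)-----END (?P=label)-----",
    re.S,
)
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY",
              "ENCRYPTED PRIVATE KEY"}


def pem_blocks(data):
    """Parse every PEM block in data (bytes) into {label, der, encrypted}.

    Raises ValueError when the file is binary or a block body is not base64
    of an ASN.1 SEQUENCE (DER certificates and keys always start with 0x30).
    """
    if data[:1] == b"\x30":  # DER and PKCS#12 files start with a SEQUENCE tag
        raise ValueError("binary ASN.1 (DER or PKCS#12), not PEM")
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError:
        raise ValueError("binary content, not PEM")
    blocks = []
    for m in PEM_RE.finditer(text):
        label = m.group("label")
        lines = m.group("body").strip().splitlines()
        # Legacy OpenSSL encrypted keys carry "Proc-Type:" / "DEK-Info:" headers
        headers = [ln for ln in lines if ":" in ln]
        b64 = "".join(ln.strip() for ln in lines if ":" not in ln)
        try:
            der = base64.b64decode(b64, validate=True)
        except ValueError:
            raise ValueError(f"{label} block body is not valid base64")
        if not der or der[0] != 0x30:
            raise ValueError(f"{label} block does not decode to an ASN.1 SEQUENCE")
        encrypted = (label == "ENCRYPTED PRIVATE KEY"
                     or any("ENCRYPTED" in h for h in headers))
        blocks.append({"label": label, "der": der, "encrypted": encrypted})
    return blocks


def check_pair(cert_path, key_path):
    """Return a list of human-readable findings; empty means ready to copy."""
    findings = []
    for path, want_cert in ((cert_path, True), (key_path, False)):
        name = os.path.basename(path)
        with open(path, "rb") as f:
            data = f.read()
        try:
            blocks = pem_blocks(data)
        except ValueError as e:
            findings.append(f"{name}: {e} (export it as PEM)")
            continue
        certs = [b for b in blocks if b["label"] == "CERTIFICATE"]
        keys = [b for b in blocks if b["label"] in KEY_LABELS]
        if want_cert:
            if not certs:
                findings.append(f"{name}: no CERTIFICATE block found")
            if keys:
                findings.append(f"{name}: contains a private key; do not ship it as the .crt")
        else:
            if len(keys) != 1:
                findings.append(f"{name}: expected one private key block, found {len(keys)}")
            elif keys[0]["encrypted"]:
                findings.append(f"{name}: key is passphrase-protected; have the passphrase ready at import")
            mode = stat.S_IMODE(os.stat(path).st_mode)
            if mode & 0o077:  # anyone but the owner can read the key
                findings.append(f"{name}: readable by group/others (mode {mode:04o}); chmod 600 it")
    return findings


# Constructed placeholder: SEQUENCE { INTEGER 1 }. Not a real certificate or key.
FAKE_DER = b"\x30\x03\x02\x01\x01"
# Constructed legacy-OpenSSL encryption headers; the IV is a placeholder value.
ENC_HEADERS = "Proc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,0123456789ABCDEF\n\n"


def _pem(label, der, headers=""):
    body = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{headers}{body}\n-----END {label}-----\n"


def build_samples(directory):
    """Write constructed sample files into directory and return their paths."""
    samples = {
        "good.crt": (_pem("CERTIFICATE", FAKE_DER), 0o644),
        "good.key": (_pem("RSA PRIVATE KEY", FAKE_DER), 0o600),
        "bundle.crt": (_pem("CERTIFICATE", FAKE_DER) + _pem("RSA PRIVATE KEY", FAKE_DER), 0o644),
        "enc.key": (_pem("RSA PRIVATE KEY", FAKE_DER, ENC_HEADERS), 0o644),
    }
    paths = {}
    for name, (content, mode) in samples.items():
        path = os.path.join(directory, name)
        with open(path, "w") as f:
            f.write(content)
        os.chmod(path, mode)
        paths[name] = path
    binary = os.path.join(directory, "binary.crt")  # a DER export, the wrong format
    with open(binary, "wb") as f:
        f.write(FAKE_DER)
    paths["binary.crt"] = binary
    return paths


def run_demo():
    """Check three pairings of the constructed samples; return {name: findings}."""
    with tempfile.TemporaryDirectory() as d:
        p = build_samples(d)
        return {
            "good": check_pair(p["good.crt"], p["good.key"]),
            "bundle+enc": check_pair(p["bundle.crt"], p["enc.key"]),
            "der": check_pair(p["binary.crt"], p["good.key"]),
        }


if __name__ == "__main__":
    for pairing, findings in run_demo().items():
        print(pairing, "->", findings or "OK")
```

On real exports, call `check_pair("/path/to/site.crt", "/path/to/site.key")` and fix every finding before the files leave the workstation; an empty list means the pair is PEM, correctly split, and owner-readable only. The permission check only reflects POSIX modes, so it is meaningful on Linux or macOS, not on Windows.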