Forum Discussion
AltostratusSSL Certificate import
Trying to understand which import type to use to import a cert on F5? Under what criteria do we use a specific import type?
Dali_Chauhan_33Nimbostratus
what type of file you have , is it pfx format or cert format.
AnjuThank you for your response Dali. It was "cert" format when the application owner gave me first, but he did not give me the password. Now, he gave me .pfx and password along with it. I was successfully able to import it on F5 using PKCS 12 import type.. But, still my question is how can we decide which import type to use in a given situation.
Korai_331784Yes, I have similar question as I have .pfx three files and needs to import so which import type do i needs to select and what about root certificate so do I needs root cert as well.
- Dali_Chauhan_33
here we go,
Key---When using this procedure to import a new SSL key. its could be any text file or cert file. we only need to import key without any password. This method is used for private key upload.
certificate :- when you received a bundled cert folder with root and client cert and server vert bundle. The SSL certificate can be either a self-signed certificate or a trusted Certificate Authority (CA) certificate.
PKCS 12 --is used for .pfx file format with password .
A certificate revocation list (CRL) is a list of certificates that have been revoked. If you plan to upload the CRL using the Paste Text option, you should copy and paste the certificate into a text file using a text editor. The PEM CRL format uses the header and footer lines as follows:
-----BEGIN X509 CRL-----
[encoded data]-----END X509 CRL-----
To import a CRL file using the Configuration utility, perform the following procedure:
Impact of procedure: Performing the following procedures should not have a negative impact on your system.
Log in to the Configuration utility. Navigate to the SSL Certificate List: BIG-IP 13.0.0 and later:
System > Certificate Management > Traffic Certificate Management > SSL Certificate List
BIG-IP 12.1.2 and earlier:
System > File Management > SSL Certificate List
Click Import. From the Import Type list, select Certificate Revocation List. In the Certificate Revocation List Name section, type a name for the file. In the Certificate Revocation List Source section, click either Upload File or Paste Text. Click Import.
Achive--You can generate an SSL certificate/key archive file and then download the file to your local hard drive. The file is saved in the .tgz format.
- Korai_331784
Thanks Dali,
So in PFX case I have bundled which includes SSL certificate and Key so I just needs to import it right.
what about root certificate , how I can get that I thought its in same PFX bundled like it includes SSL Client cert, root cert and Key
- Dali_Chauhan_33
cer - certificate stored in the X.509 standard format. This certificate contains information about the certificate's owner... along with public and private keys.
when you import root certificate the file method is RSA Certificate & Key or simply RSA certificate(in case of no key)
pfx - stands for personal exchange format. It is used to exchange public and private objects in a single file. A pfx file can be created from .cer file. Can also be used to create a Software Publisher Certificate.
what exactly do you what to know? certificate installation in f-5 OR how cert works ?
- Anju
Thanks for the reply Dali Chauhan, Can you please share the link or can explain how the cert is installed on F5 and how it works?
Stephane_ViauThere is no such thing as a "cert" format. Your certificate could be in PEM format (base64 ASCII, most popular format and the only format supported by the BigIP), DER format (binary, not supported, need to be converted to PEM with a tool like OpenSSL) or PKCS12 (binary, used mostly by Microsoft folks, can be imported as the BigIP will convert it to PEM).
aaperson_255899Certificates can exist on multiple devices at the same time, so yes.
- Korai_331784
ok and thanks