SSL certificate management - best practices anyone?
Hi,
F5 is where I first started to work with SSL certificates, but I do feel something is missing here in terms of usability. I need to manage quite a lot of SSL certificates which are provided by different vendors. This means I now have quite a lot of keys, certificates, intermediates and a bunch of legacy and test profiles that were created someday along the line, when I was not on the service yet. In a word - a huge mess.
What I wanted to ask is how you manage this on your devices. Is it better to use the GUI or the CLI? I want to create and maintain some overall process to keep this under control, so I'd be grateful for any tips and tricks of your own.
Thanks
- Kevin_Davies_40
SSL certs should simply use the common name of the cert as their object name.
Keys and matching Certificates should be combined on the same entry in the SSL Certificates list. The only keys that should be left are those awaiting certificates to be issued. All expired certs should be removed and profiles that use them updated to current certificates.
SSL profiles should use the FQDN, e.g. clientssl_fqdn, of the DNS entry used to target the virtual server. This FQDN should exist in the cert attached to the profile, either the common name or the subject alternate names, as sometimes a cert may have many names associated with it.
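
The conventions from the reply above, written as an audit over an exported certificate and profile inventory. This is an added example, not part of the original thread: the inventory layout, object names and dates are constructed, and the wildcard rule (one left-most label only) is the usual TLS hostname-matching behaviour, assumed here.

```python
from datetime import datetime, timezone

# Constructed inventory (hypothetical values); how it is exported from the device is out of scope.
CERTS = {  # cert object name -> fields read from the certificate
    "www.example.com": {"cn": "www.example.com", "sans": ["example.com"], "not_after": "2030-01-01"},
    "old_wildcard": {"cn": "*.example.net", "sans": [], "not_after": "2020-06-30"},
}
PROFILES = {  # profile name -> cert object it references
    "clientssl_www.example.com": "www.example.com",
    "clientssl_shop.example.net": "old_wildcard",
    "clientssl_a.b.example.net": "old_wildcard",
    "legacy_test": "www.example.com",
}

def name_matches(fqdn, pattern):
    """Exact match, or a wildcard that covers exactly one left-most label."""
    fqdn, pattern = fqdn.lower(), pattern.lower()
    if pattern.startswith("*."):
        head, _, rest = fqdn.partition(".")
        return bool(head) and rest == pattern[2:]
    return fqdn == pattern

def audit(certs, profiles, now):
    findings = []
    for obj, c in certs.items():
        if obj != c["cn"]:  # convention: object name is the common name
            findings.append(("cert-name", obj, f"object name differs from CN {c['cn']}"))
        expires = datetime.strptime(c["not_after"], "%Y-%m-%d").replace(tzinfo=timezone.utc)
        if expires <= now:  # expired certs go, and their profiles need updating
            users = sorted(p for p, ref in profiles.items() if ref == obj)
            findings.append(("expired", obj, f"still used by {users}"))
    for prof, ref in profiles.items():
        if not prof.startswith("clientssl_"):  # convention: clientssl_<fqdn>
            findings.append(("profile-name", prof, "not named clientssl_<fqdn>"))
            continue
        fqdn = prof[len("clientssl_"):]
        c = certs.get(ref)
        if c is None:
            findings.append(("missing-cert", prof, f"references unknown cert {ref}"))
            continue
        if not any(name_matches(fqdn, n) for n in [c["cn"], *c["sans"]]):
            findings.append(("fqdn-not-in-cert", prof, f"{fqdn} not in CN/SAN of {ref}"))
    return findings

if __name__ == "__main__":
    for finding in audit(CERTS, PROFILES, datetime.now(timezone.utc)):
        print(*finding, sep=" | ")
```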