Forum Discussion

Cirrus

Apr 18, 2017

SSL certificate management - best practices anyone?

Hi, F5 is where I first started to work with ssl certificates, but i do feel something is missing here in terms of usability. I need to manage quite a lot of ssl certificates which are provided ...

Nacreous

Apr 18, 2017

SSL certs should simply use the common name of the cert as their object name.

Keys and matching Certificates should be combined on the same entry in the SSL Certificates list. The only keys that should be left are those awaiting certificates to be issued. All expired certs should be removed and profiles that use them updated to current certificates.

SSL profiles should use the fqdn, eg clientssl_fqdn of the DNS entry used to target the virtual server. This fqdn should exist in the cert attached to the profile, either the common name or the subject alternate names as sometimes a cert many have many names associated with it.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

SSL certificate management - best practices anyone?

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

ASM/AWAF declarative policy

F5 DNS Logs in JSON Format

Geo location update

Help with an iRule to disconnect active connections to Pool Members that are "offline"

block a specific user

Related Content

Automating Certificate Management on F5 BIG-IP

Automating ACMEv2 Certificate Management on BIG-IP

Certificate Automation for BIG-IP using CyberArk Certificate Manager, Self-Hosted

Re: Management Certificate

AS3 Best Practice

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS