Forum Discussion

Cirrus

Apr 18, 2017

SSL certificate management - best practices anyone?

Hi, F5 is where I first started to work with ssl certificates, but i do feel something is missing here in terms of usability. I need to manage quite a lot of ssl certificates which are provided ...

Nacreous

Apr 18, 2017

SSL certs should simply use the common name of the cert as their object name.

Keys and matching Certificates should be combined on the same entry in the SSL Certificates list. The only keys that should be left are those awaiting certificates to be issued. All expired certs should be removed and profiles that use them updated to current certificates.

SSL profiles should use the fqdn, eg clientssl_fqdn of the DNS entry used to target the virtual server. This fqdn should exist in the cert attached to the profile, either the common name or the subject alternate names as sometimes a cert many have many names associated with it.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

SSL certificate management - best practices anyone?

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

How can I get started with iCall

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Related Content

Automating Certificate Management on F5 BIG-IP

Automating ACMEv2 Certificate Management on BIG-IP

Re: Management Certificate

AS3 Best Practice

Managing Kubernetes Traffic With F5 NGINX: A Practical Guide

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS