Forum Discussion

Tom_Freeman_933
Sep 23, 2009

Wildcard SSL cert problems on 4.5.13

I have a pair of 2400's running 4.5.13, and I'm having all manner of trouble getting a wildcard SSL cert to work. I pulled down a few docs from the KB that walked me through generating the request, applying the cert, and creating the proxy. Here's the detail:

- When I generated the original CSR, I couldn't generate it via the CertAdmin gui - it returned an error which I didn't record at the time. Another resource said that I would likely have to drop to the shell to generate the csr.

- I generated the CSR for the cert using genkey and submitted it to my CA.

- I received the CRT file from the CA. I renamed the self-signed certificate CRT file in /config/bigconfig/ssl.crt. I then copied the new CRT files from the CA and renamed them to the correct naming convention.

- I've created a pool with the appropriate web servers, a virtual server pointing to the pool, and an SSL proxy that points to the virtual server.

- My firewall rule is correct.

When I attempt to load the page, IE returns a "cannot display the webpage" error. I've recorded the transaction with HTTPWatch, and it simply says "Error_Internet_Security_Channel_Error".

I've been troubleshooting it all day. If I load an SSL cert on the local webserver, configure the BigIP virtual server and pool to point to the local webserver for ssl, it works. The one note is that I'm using a different cert on the local webserver. I can't seem to export the cert and the private key from the BigIP.

I'm clearly doing something wrong, but I'm out of ideas.
  • hoolio
    If you think the issue is with the wildcard cert, I'd suggest breaking up the troubleshooting by using a different cert/key on the SSL proxy and making sure the load balancing works (ignoring any invalid cert warnings). Once you have that working, you can change the proxy config to use the wildcard cert. F5 Support should still provide best effort support for troubleshooting the 4.x configuration.

    Aaron
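As an added troubleshooting aid (not from either post in this thread), here is a small Python script that lists which hostnames a wildcard name such as *.example.com actually covers, since a hostname the cert does not match is one thing worth ruling out before swapping certs on the proxy; every hostname below is constructed for the example.

```python
"""Check which hostnames a wildcard certificate name covers.

Added example, not from the original thread. Matching follows the usual
browser rules (RFC 6125 style): the wildcard must be the entire leftmost
label, it matches exactly one label, and it never matches the bare domain,
an IP literal, or a name whose only fixed part is a public suffix.
"""
import ipaddress


def wildcard_matches(cert_name: str, hostname: str) -> bool:
    """Return True if cert_name (e.g. '*.example.com') covers hostname."""
    cert_name = cert_name.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    # DNS names in a cert never cover an IP literal.
    try:
        ipaddress.ip_address(hostname)
        return False
    except ValueError:
        pass
    if "*" not in cert_name:
        return cert_name == hostname
    cert_labels = cert_name.split(".")
    host_labels = hostname.split(".")
    # '*' must be the whole leftmost label (no 'f*.example.com'), and at
    # least two fixed labels must follow it so '*.com' is rejected.
    if cert_labels[0] != "*" or len(cert_labels) < 3:
        return False
    # '*' matches exactly one label, so the label counts must agree.
    if len(cert_labels) != len(host_labels):
        return False
    return cert_labels[1:] == host_labels[1:]


def coverage_report(cert_name: str, hostnames: list) -> dict:
    """Split the hostnames a proxy serves into covered and not covered."""
    covered = [h for h in hostnames if wildcard_matches(cert_name, h)]
    uncovered = [h for h in hostnames if h not in covered]
    return {"covered": covered, "not_covered": uncovered}


if __name__ == "__main__":
    # Constructed sample names that an SSL proxy might front.
    names = ["www.example.com", "example.com", "app.dev.example.com",
             "192.0.2.10", "MAIL.example.com"]
    report = coverage_report("*.example.com", names)
    for kind, hosts in report.items():
        print(f"{kind}: {hosts}")
```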