Forum Discussion

Ishaq's avatar
Ishaq
Icon for Nimbostratus rankNimbostratus
May 01, 2024

Wildcard SSL Certificate Deployment on F5 LTM

We utilize F5 load balancer to generate CSR and implement Entrust SSL certificates across all subdomains within our infra. We're exploring the possibility of deploying a wildcard SSL certificate for ...
security
  • Paulius's avatar
    Paulius
    May 06, 2024

    You should be able to generate a key and CSR using the following. Please keep in mind that you need to fill out the pieces of the configuration file so that it creates it appropriately for your purpose. The configuration file, for this example, should be named wildcard.example.com.cnf.

    [ req ]
default_bits       = 2048
distinguished_name = req_distinguished_name
req_extensions     = req_ext

[ req_distinguished_name ]
countryName         = Country Name (2 letter code)
stateOrProvinceName = State or Province Name (full name)
localityName        = Locality Name (eg, city)
organizationName    = Organization Name (eg, company)
commonName          = *.example.com

[ req_ext ]
subjectAltName = @alt_names

[alt_names]
DNS.1 = *.example.com
DNS.2 = (additional_FQDN)
DNS.3 = (additional_FQDN)
DNS.4 = (additional_FQDN)
    openssl req -new -config wildcard.example.com.cnf -keyout wildcard.example.com.key -out wildcard.example.com.csr

    When you run the above command from the F5 cli it should prompt you to setup a new passphrase, which you should configure, this will be used to encrypt the key and keep it secure. You can take the .csr file and give that to your CA who can then provide you an SSL certificate to match your key.

Paulius's avatar
Paulius
Icon for MVP rankMVP
May 01, 2024

If you're referring to the SSL profile that's associated to a virtual server configuration you can apply the wildcard SSL certificate without issue. Are you experiencing an error when using the wildcard SSL cert and key?