Forum Discussion
Ishaq
Nimbostratus
NimbostratusWildcard SSL Certificate Deployment on F5 LTM
We utilize F5 load balancer to generate CSR and implement Entrust SSL certificates across all subdomains within our infra. We're exploring the possibility of deploying a wildcard SSL certificate for a domain and its associated subdomains. ltm version is 14.1.5
If feasible, we seek guidance on the process of importing and deploying it within F5.
You should be able to generate a key and CSR using the following. Please keep in mind that you need to fill out the pieces of the configuration file so that it creates it appropriately for your purpose. The configuration file, for this example, should be named wildcard.example.com.cnf.
[ req ] default_bits = 2048 distinguished_name = req_distinguished_name req_extensions = req_ext [ req_distinguished_name ] countryName = Country Name (2 letter code) stateOrProvinceName = State or Province Name (full name) localityName = Locality Name (eg, city) organizationName = Organization Name (eg, company) commonName = *.example.com [ req_ext ] subjectAltName = @alt_names [alt_names] DNS.1 = *.example.com DNS.2 = (additional_FQDN) DNS.3 = (additional_FQDN) DNS.4 = (additional_FQDN)openssl req -new -config wildcard.example.com.cnf -keyout wildcard.example.com.key -out wildcard.example.com.csrWhen you run the above command from the F5 cli it should prompt you to setup a new passphrase, which you should configure, this will be used to encrypt the key and keep it secure. You can take the .csr file and give that to your CA who can then provide you an SSL certificate to match your key.
- Paulius
MVP
You should be able to generate a key and CSR using the following. Please keep in mind that you need to fill out the pieces of the configuration file so that it creates it appropriately for your purpose. The configuration file, for this example, should be named wildcard.example.com.cnf.
[ req ] default_bits = 2048 distinguished_name = req_distinguished_name req_extensions = req_ext [ req_distinguished_name ] countryName = Country Name (2 letter code) stateOrProvinceName = State or Province Name (full name) localityName = Locality Name (eg, city) organizationName = Organization Name (eg, company) commonName = *.example.com [ req_ext ] subjectAltName = @alt_names [alt_names] DNS.1 = *.example.com DNS.2 = (additional_FQDN) DNS.3 = (additional_FQDN) DNS.4 = (additional_FQDN)openssl req -new -config wildcard.example.com.cnf -keyout wildcard.example.com.key -out wildcard.example.com.csrWhen you run the above command from the F5 cli it should prompt you to setup a new passphrase, which you should configure, this will be used to encrypt the key and keep it secure. You can take the .csr file and give that to your CA who can then provide you an SSL certificate to match your key.
IshaqThanks for all , but still I am unable to understand, I aim to deploy a wildcard certificate without relying on individual Entrust certificates for each domain and its subdomains. How can I generate single wildcard certificate within the F5 platform for a domain and its subdomain.
HarunTAltocumulus
alpha_mannI tried some steps a few days ago from a blog post and it's really worked well for me. I hope this will work for you. https://cheapsslweb.com/resources/how-to-install-ssl-certificate-on-f5-server
- Ishaq
Thanks for Answering , I am using entrust certificate for domain and sub domain which is running through f5 ltm. Recently my management wants to use wildcard certificate for all domain and it's sub-domain, I don't have any idea how to perform this task with f5, so please provide technical guidelines to do this task in f5.
- Paulius
If you're referring to the SSL profile that's associated to a virtual server configuration you can apply the wildcard SSL certificate without issue. Are you experiencing an error when using the wildcard SSL cert and key?