Forum Discussion
Terry_Yau_91196
Nimbostratus
NimbostratusWindow SSL Certificate to Loadbalancer
Hello,
I face a problem to put the window SSL Certification to F5 loadbalancer.
First, I export the certificate from window server and paste the String to Loadbalancer. Then the SSL certificate can be imported to load balancer.
However, I can't create a SSL Client profile if I only choose the imported certificate. It prompt the error message with "the certificate and key do not match.
Is it necessary to import the certificate and key to load balancer?If yes, how can I get the key from the window server?
Actually, I try to create a new SSL certificate in window server, there is only certreq.txt generated to CA, no any other private key?
Thanks and Regards,
Terry
hoolioCirrostratus
Hi Terry,
In order to decrypt the client traffic using the SSL certificate, you must import the key which was created with the CSR you sent to the CA. The key would have been generated at the same time the certreq.txt file was created. It should be on the server you generated the CSR on. If you get stuck on this, you might try searching for details on Microsoft's site or posting on a Windows-specific forum.
Once you get the cert/key, if you have any problems and don't find any related solutions on AskF5.com, reply here and someone can help.
Aaron
L4L7_53191Terry, if you haven't already, check out the solution (Sol6549) titled "Converting PKCS certificates to PEM format for use with the BIG-IP LTM and ASM".
It can be found at: https://support.f5.com/kb/en-us/solutions/public/6000/500/sol6549.html
Hopefully this will help you. I've found this one to be extremely useful in the past and I refer to it every time I have to convert IIS certificates to PEM format for the BigIP.
-Matt