How to create an SSL profile with certificates and keys managed by Venafi

Question

QUESTION on F5 and Venifi integration
In my current scenario, had to create a VIP with an SSL profile. The SSL profile had to be created first with SSL key&amp;cert before a VIP can be created. 
In the near future, the team is moving to Venafi. 
How would the VIP creation would look like now? 
Is F5 able to see all the SSL Certs and Keys in Venifi and use them?

[or] 
Would it need to tell Venifi to insert the Certs and Key after creating the VIP?

rob_carr · Answer

It looks like the Venafi understands objects like virtual servers, profiles and associated certificates on the F5. From the Venafi Partner Brief on F5:

"Here’s how the joint solution works. To streamline certificate management for F5, the Venafi Platform discovers and auto-creates objects that represent every virtual server (VIP) including unique settings, such as SSL Profile, Certificates, Root Bundles, and more. This allows you to rotate keys in bulk in just a couple of clicks. For example, this would allow you to rotate hundreds of certificate keys on your F5 solutions from SHA1 to SHA2 in a matter of hours, not days or weeks. Plus, the Venafi platform automatically creates and updates the certificate inventory and associated configuration, vastly reducing time and effort required to provision certificates."

Forum Discussion

How to create an SSL profile with certificates and keys managed by Venafi

1 Reply

Recent Discussions

google-visualization-issues

The best load balance method on this scenario?

SMS server with BIGIP

Geo Fence in ASM through irule for URI

Client certificate Authentication - open multiple tabs

Related Content

Re: Management Certificate

Automating ACMEv2 Certificate Management on BIG-IP

Automating certificate lifecycle management with HashiCorp Vault

Minimizing Security Complexity: Managing Distributed WAF Policies

F5 Venafi Solution for Enterprise Key and Certificate Management