05-Sep-2018 10:49 - last edited on 07-Jun-2023 15:17 by Rebecca_Moloney
I'm browsing the SSL certificate list which I got from Comodo, and there are different types of contents with the below-mentioned extensions. I have experience in uploading certificates to F5 in .pfx format, which contains both certificate and key in a single file, but the newly received CA certificates are giving me a hard time understanding which one is a cert file and which one is a key file. Can someone help?
xyz_com.cer
xyz_com.crt
xyz_com.p7b
xyz_cert.cer
xyz_com_interm.cer
05-Sep-2018 11:45 - last edited on 02-Jun-2023 08:25 by JimmyPackets
.cer, .crt, and .p7b files are almost always (public) certificates. A private key would normally have a .key or .pem extension, but of course can be stored in a PKCS12 .p12 or .pfx file. It doesn't look like any of the certificates you've listed are private keys, but you may still need to open them all in a text editor to know for sure.
If the file contains a string that looks like this
-----BEGIN RSA PRIVATE KEY-----
then that will be a private key.
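The content check described in the answer above, as an added Python example that is not part of the original thread. It goes beyond the single PEM header shown, covering other PEM labels and binary (DER) files; the function names and sample bytes are constructed for illustration, and the DER branch is a heuristic on the leading bytes only.

```python
import re

PEM_LABEL = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----")
PEM_KINDS = {"CERTIFICATE": "certificate", "PKCS7": "pkcs7 bundle"}
PKCS7_SIGNED_DATA = bytes.fromhex("06092a864886f70d010702")  # OID 1.2.840.113549.1.7.2


def _content(der):
    """Return the bytes inside a leading DER SEQUENCE, or None if absent."""
    if len(der) < 2 or der[0] != 0x30:
        return None
    # Long-form length: the low 7 bits of byte 1 count the length bytes.
    return der[2 + (der[1] & 0x7F):] if der[1] & 0x80 else der[2:]


def classify(data):
    """Return the kinds of object found in a certificate-related file."""
    labels = [label.decode() for label in PEM_LABEL.findall(data)]
    if labels:
        # Any label ending in PRIVATE KEY (RSA, EC, ENCRYPTED, PKCS#8) is a key.
        return ["private key" if l.endswith("PRIVATE KEY")
                else PEM_KINDS.get(l, "other: " + l) for l in labels]
    body = _content(data)
    if body is None:
        return ["unknown"]
    # Binary file: the checks below are heuristics on the first few bytes.
    if body.startswith(PKCS7_SIGNED_DATA):  # typical .p7b in DER form
        return ["pkcs7 bundle"]
    if body.startswith(b"\x02\x01\x03"):  # PFX version INTEGER 3 (.p12/.pfx)
        return ["pkcs12 container"]
    if body[:3] in (b"\x02\x01\x00", b"\x02\x01\x01"):  # key structure version
        return ["private key"]
    inner = _content(body)
    if inner is not None and inner[:1] == b"\xa0":  # tbsCertificate [0] version
        return ["certificate"]
    return ["unknown"]


# Constructed samples: leading bytes only, not real certificates or keys.
SAMPLES = {
    "pem_cert": b"-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n",
    "pem_key": b"-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n",
    "der_cert": bytes.fromhex("3082030a308201f2a003020102"),
    "der_p7b": bytes.fromhex("3082051006092a864886f70d010702a0"),
    "der_pfx": bytes.fromhex("30820a1002010330820a0a"),
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, classify(blob))
```

To check real files, pass `open(path, "rb").read()` to `classify`; a PEM file holding a certificate followed by its key returns both kinds.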
05-Sep-2018 12:36
If you are renewing a certificate then it will simply re-use the already existing key. The only thing that gets renewed is the public certificate. Have you tried following this guide?
Importing a renewed SSL certificate
https://support.f5.com/csp/article/K1462014
When you import a renewed SSL certificate, you overwrite the existing certificate/key with the one you are importing. The SSL profile then automatically uses the renewed certificate to encrypt the SSL sessions.
Important: Existing connections continue to use the old SSL certificate until the connection completes or are renegotiated or until TMM is restarted.
Impact of procedure: Performing the following procedure should not have any impact to the existing traffic and new traffic will utilize the new certificate.
Note: For BIG-IP 12.x and earlier, navigate to System > File Management > SSL Certificate List.
To be honest I always generate a completely new PFX or CSR in order to renew both the certificate and key for security reasons. It will also give me the possibility to revert back to the old certificate in case there are some issues with the newly generated certificate/key. The only thing I have to do after uploading the new certificate/key pair is make the switch in the Client SSL Profile.