02-Sep-2022 12:19
I have an F5 box, and I have installed 3 SSL profiles like *.cn, *.com and *.ru.
When I look at the F5 configuration, I see there is one id_rsa and one id_rsa.pub key.
I just need to clarify: do those files contain all 3 private and 3 public keys, or do I need to save more keys from another location?
Please mind, I am new to F5, with just a few months' experience.
02-Sep-2022 13:10
No, don't think so.
id_rsa and id_rsa.pub are typically how SSH public/private keys are stored. Assuming you're creating client SSL profiles for TLS traffic, those certs are loaded under System ›› Certificate Management : Traffic Certificate Management : SSL Certificate List.
03-Sep-2022 00:07
Sorry for the misinformation.
I have created profiles and uploaded certificates as well. There are many profiles, and for them I have uploaded a total of 3 certificates, like abc.com, xyz.cn and mno.ru.
When we upgrade the software, we download the keys id_rsa and id_rsa.pub and then upload after upgrade.
I need clarification on what those files contain. As I understand it, those files contain the private and public keys for all three certificates. Is that true, or what is in those two files?
03-Sep-2022 09:16
Just cat the files to see what's inside.
cat id_rsa
cat id_rsa.pub
My guess is you'll see a single SSH cert and single SSH key, which is not what you're looking for. These are normally key files you'd use to SSH remote into a machine.
The TLS certificates you import for client SSL profiles are generally stored in the file system and will have a .crt or .cer extension.
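An added example (not part of the original thread, and not F5 tooling): a way to check what id_rsa, id_rsa.pub or a .crt file holds by counting PEM headers and OpenSSH public-key lines, without echoing the private key to the terminal. The function names `keyfile_summary` and `write_constructed_samples` and the sample files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: report what a key file holds without printing the key itself.

keyfile_summary() {
    [ -r "$1" ] || { echo "unreadable: $1" >&2; return 1; }
    awk '
        # PEM private key of any flavour (RSA, EC, OPENSSH, ENCRYPTED, PKCS#8)
        /^-----BEGIN ([A-Z0-9]+ )?PRIVATE KEY-----/     { priv++ }
        # X.509 certificate, the format used for TLS certificates
        /^-----BEGIN CERTIFICATE-----/                  { cert++ }
        # One-line OpenSSH public key, as found in id_rsa.pub
        /^(ssh-rsa|ssh-ed25519|ecdsa-sha2-[a-z0-9-]+) / { pub++ }
        END { printf "private_keys=%d certificates=%d ssh_public_keys=%d\n", priv, cert, pub }
    ' "$1"
}

# Constructed sample files; the bodies are placeholders, not real key material.
write_constructed_samples() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END RSA PRIVATE KEY-----' > "$1/id_rsa"
    printf '%s\n' 'ssh-rsa Q09OU1RSVUNURUQ= admin@example' > "$1/id_rsa.pub"
    : > "$1/bundle.crt"
    for i in 1 2 3; do
        printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
            '-----END CERTIFICATE-----' >> "$1/bundle.crt"
    done
}

# Demo run over the constructed samples.
demo_dir=$(mktemp -d)
write_constructed_samples "$demo_dir"
for f in id_rsa id_rsa.pub bundle.crt; do
    printf '%-12s %s\n' "$f" "$(keyfile_summary "$demo_dir/$f")"
done
rm -rf "$demo_dir"
```

A file holding several certificates or keys shows a count above 1, so a result of `private_keys=1` for id_rsa means it carries a single key rather than one per certificate. The header alone does not say whether a private key is used for SSH or TLS, since both can use the `RSA PRIVATE KEY` PEM type.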
05-Sep-2022 08:56
You are right, there is only a single BEGIN RSA PRIVATE KEY- in id_rsa and a single public key in id_rsa.pub.
Could you please just let me know where we use those keys, as we use Active Directory credentials to log in to F5? Just write the purpose of those keys or any article where I can read about them, and we can close this topic.
Thank you.
06-Sep-2022 03:54
Sure. The questions asked were to attempt to understand the challenges. id_rsa keys are not used for TLS traffic, so you would not apply these to BIG-IP SSL profiles. You would normally use this type of key for SSH remote access to some system. You could also see these keys used in an AFM SSH proxy configuration:
You might have also used id_rsa keys for SSH public key auth to the BIG-IP: https://support.f5.com/csp/article/K13454
Here's some additional information you might find useful regarding TLS certs/keys:
Otherwise, AD remote user logon (to the BIG-IP) does not use id_rsa (SSH) keys: https://techdocs.f5.com/en-us/bigip-17-0-0/big-ip-systems-user-account-administration/remote-user-ac...