RSA Certificate & Key question

Amrishinweb
Nimbostratus

I have an F5 box, and I have installed 3 SSL profiles, like *.cn, *.com and *.ru.

When I look at the F5 configuration, I see there is one id_rsa and one id_rsa.pub key.

I just need to clarify: do those files contain all 3 private and 3 public keys, or do I need to save more keys from another location?

Please mind, I am new to F5, with just a few months of experience.

5 REPLIES

Kevin_Stewart
F5 Employee

No, don't think so. 

id_rsa and id_rsa.pub are typically how SSH public/private keys are stored. Assuming you're creating client SSL profiles for TLS traffic, those certs are loaded under System ›› Certificate Management : Traffic Certificate Management : SSL Certificate List.

Amrishinweb
Nimbostratus

Sorry for the misinformation.

I have created profiles and uploaded certificates as well. There are many profiles, and for them I have uploaded a total of 3 certificates, like abc.com, xyz.cn and mno.ru.

When we upgrade the software, we download the keys id_rsa and id_rsa.pub and then upload them after the upgrade.

I need clarification on what those files contain. As per my understanding, those files contain the private and public keys for all three certificates. Is that true, or what is in those two files?

Kevin_Stewart
F5 Employee

Just cat the files to see what's inside.

cat id_rsa 
cat id_rsa.pub

My guess is you'll see a single SSH cert and single SSH key, which is not what you're looking for. These are normally key files you'd use to SSH remote into a machine.

The TLS certificates you import for client SSL profiles are generally stored in the file system and will have a .crt or .cer extension.

You are right, there is only a single BEGIN RSA PRIVATE KEY in id_rsa and a single public key in id_rsa.pub.

Could you please just let me know where we use those keys, as we use Active Directory credentials to log in to F5? Just write the purpose of those keys, or any article where I can read about them, and we can close this topic.

Thank you.

Kevin_Stewart
F5 Employee

Sure. The questions asked were to attempt to understand the challenges. id_rsa keys are not used for TLS traffic, so you would not apply these to BIG-IP SSL profiles. You would normally use this type of key for SSH remote access to some system. You could also see these keys used in an AFM SSH proxy configuration:

You might have also used id_rsa keys for SSH public key auth to the BIG-IP: https://support.f5.com/csp/article/K13454

Here's some additional information you might find useful regarding TLS certs/keys:

Otherwise, AD remote user logon (to the BIG-IP) does not use id_rsa (SSH) keys: https://techdocs.f5.com/en-us/bigip-17-0-0/big-ip-systems-user-account-administration/remote-user-ac...
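
The check Kevin suggests with cat, as an added example (not from the thread or from F5): a shell function that counts private keys, SSH public keys and X.509 certificates in a file from their marker lines, which shows whether a single id_rsa file holds one key or several. The sample files are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: count key/certificate objects in a file by their marker lines.
# Only marker lines are matched; key material is never printed.
# Note: a "BEGIN RSA PRIVATE KEY" header marks a PEM-encoded RSA key; it does not
# say whether the key is used for SSH or TLS. That depends on where it is configured.

count_objects() (   # count_objects <file> <extended-regex>
    grep -cE "$2" "$1" || true   # grep -c prints 0 and exits 1 on no match
)

describe_key_file() (   # describe_key_file <file>
    f=$1
    priv=$(count_objects "$f" '^-----BEGIN (RSA |EC |DSA |OPENSSH |ENCRYPTED )?PRIVATE KEY-----')
    pub=$(count_objects "$f" '^(ssh-(rsa|ed25519|dss)|ecdsa-sha2-[a-z0-9-]+) ')
    cert=$(count_objects "$f" '^-----BEGIN CERTIFICATE-----')
    echo "private_keys=$priv ssh_public_keys=$pub x509_certs=$cert"
)

make_samples() (   # writes constructed, non-functional sample files into dir $1
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'CONSTRUCTED-PLACEHOLDER' \
                  '-----END RSA PRIVATE KEY-----' > "$1/id_rsa"
    printf '%s\n' 'ssh-rsa CONSTRUCTEDPLACEHOLDER admin@example' > "$1/id_rsa.pub"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'CONSTRUCTED-PLACEHOLDER' \
                  '-----END CERTIFICATE-----' \
                  '-----BEGIN CERTIFICATE-----' 'CONSTRUCTED-PLACEHOLDER' \
                  '-----END CERTIFICATE-----' > "$1/chain.crt"
)

# Demo on the constructed samples.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for f in id_rsa id_rsa.pub chain.crt; do
    printf '%-12s %s\n' "$f" "$(describe_key_file "$demo_dir/$f")"
done
rm -rf "$demo_dir"
```

On a real system, pass the path of the file in question to describe_key_file instead of the sample files.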