bigip LTM GUI
2 Topics

Create a CSR and Key using the BigIP LTM GUI when renewing a certificate
Hi, I use the F5 Bigip LTM to create CSRs and Keys. I submit the CSR to our public CA to obtain the Certificate and then import the generated certificate to the F5. I use the F5 Certificate Management GUI as a database for all of our Public Certificates (as they are all in use in our SSL profiles).

All this is good; however, after 13 months, when it is time to renew the certificate, I use the F5 GUI to renew the CSR. The problem is that the GUI does not allow me to create a new key when using the "Renew" option. I could use other command line tools for this, but it would be easier to manage in the F5 GUI.

Does anyone know if there is a way to renew a certificate from the F5 GUI and have it create a new Key? For example, click on "System / Certificate Management". Then click on a Public CA Certificate and click "Renew". Fill out the required fields and have it generate a new key. Any advice is appreciated.

299 Views, 0 likes, 1 Comment

HTTPS 8443 Redirect to a pool with 8080 and an URI
Hi Guys, I am having difficulties accessing an internal pool with port 8080 and an extra URI. Curl -vvv gives me an error based on SSL. I think that is not the case here, because I see the request coming in but not redirected properly.

My BIGIP version is 16.1.5. The backend pool is not accessible from the Internet and does not have an internal / external DNS entry. So the statically added backend member with port 8080 gives a response to an API call only if an extra URI is being used. So while the redirecting will happen at the backend, I need to preserve the original request URL:8443/<URI> while getting the response.

I have tried many articles and iRules / LTM policies. But still no success! So far I have configured the following:

Virtual server listening to 8443 and pool listening to 8080.
Health monitor is OK!
Client side certificate is uploaded
SSL offloading is enabled on the Client Side
HTTP profile added
SNAT added with an IP from a Pool.
Address / Port Translation is enabled.

And a curl from the F5 itself to the backend pool with http://xx.xx.xx.xx:8080/uri gives a proper response. It means end to end connectivity should be there.

Last iRule which I have tried with:

--------------
when HTTP_REQUEST {
    switch -glob [string tolower [HTTP::uri]] {
        "/uri/" {
            pool <pool_based_on_member_with_port_8080>
            return
        }
    }
}
-----------------

Is there anyone out there who can help me with this setup?

29 Views, 0 likes, 2 Comments