csr

4 Topics

Question on CSR and SSL
Please someone help me clear below doubt. Below is the scenario i am demonstrating in LAB. 1) I have generated CSR on LTM and provided to CA (CA is my Windows server 2012) 2)With the help of open SSL on Windows server 2012 i generated public and private key pair and signed the CSR. "TESTVIP" is name of my newly signed certificate. I also extracted public key from CAserver. 3)I have imported "TESTVIP" certificate and private key in LB(got private key while generating CSR on LB). Question1) When i am associating this (TESTVIP and private key) to client SSL profile it is giving me an error "KEY and certificate do not match. Though i have done it correctly. Question2) Also i am trying to install CA public key in end user browser to trust the website, but it says "this file is invalid for use as following security certificate". How can i establish that green lock symbol in URL in such LAB scenario? Any help would be appreciated.
Nitesh
Aug 12, 2021 Place Technical Forum
1.4KViews
1like
8Comments
SCEP in F5
Hello Is there SCEP option in F5 for auto enrollment after generating CSR ? or should I use an external device for that ? or maybe irule .. ? Because I can't find the option in F5 machine
Abed_AL-R
Nov 27, 2020 Place Technical Forum
523Views
0likes
0Comments
How to Create a CSR in Powershell/iControl using an Existing Key
Hello, I am trying to automate CSR creation on the BigIP with iControl/Powershell. I can easily create new CSRs using new keys, but I can't figure out how to generate a CSR using an existing key. We need to do this so that we can update our SAN certs without invalidating the existing Certificate/key pair while we process the request with our provider. I use this to create a new key for a brand new CSR/Certificate request ... $CSRKey = New-Object -TypeName iControl.ManagementKeyCertificateKey_v2; $CSRKey.id = 'www.sitename.com'; $CSRKey.key_type = 'KTYPE_RSA_PUBLIC'; $CSRKey.bit_length = 2048; $CSRKey.security = 'STYPE_NORMAL'; ... but I can't find any functions in the iControl Reference Wiki to grab an existing key to use for the CSR. Can anyone point me in the right direction? Thanks!, Sean
Sean_Powell
Apr 08, 2016 Place Technical Forum
341Views
0likes
1Comment
ECDSA prime256v1 CSR file signing
Hello guys, I would be very pleasured for a small advice. We're changing a SSL certificate for our production server. Untill now we were using RSA as CSR generation alorithm. However Symantec now offers signing with ECC with RSA root so we would like to swtich to this variant. My question is: In this case, do I have to generate CSR with key type ECDSA and curve name prime256v1 to be able to send for signing with ECC with RSA root to Symantec? We use BIG-IP model 2200 , Version 11.5.1. Many thanks for your response. Ivan
IvanU_219096
Oct 11, 2016 Place Technical Forum
299Views
0likes
0Comments