Installing
certificates from the certificate authority
After you obtain an x509 certificate from a
certificate authority for the SSL Accelerator, you
must copy it onto each BIG-IP Controller in the
redundant configuration. You can configure the
accelerator with certificates using the
Configuration utility or from the command line.
To install certificates
using the Configuration utility
In the navigation pane, click Proxies. The Proxies
screen opens.
On Proxies screen, click the Install SSL Certificate
Request tab. The Install SSL Certificate screen
opens.
In the Certfile Name box, type the fully qualified
domain name of the server with the file extension
.crt. If you generated a temporary certificate when
you submitted a request to the certificate
authority, you can select the name of the
certificate from the drop down list. This allows you
to overwrite the temporary certificate with the
certificate from the certificate authority.
Paste the text of the certificate into the install
SSL Certificate window. Make sure you include the
BEGIN CERTIFICATE line and the END CERTIFICATE line.
Click the Write Certificate File button to install
the certificate.
To install certificates
from the certificate authority using the command
line
Copy the certificate into the following directory on
each BIG-IP Controller in a redundant system:
/config/bigconfig/ssl.crt/
Note:
The certificate you receive should overwrite the
temporary certificate generated by genkey or
gencert.
If you used the genkey or gencert
utilities to generate the request file, a copy of
the corresponding key should already be in the
following directory on the BIG-IP Controller:
/config/bigconfig/ssl.key/
To install the
intermediate certificate using the command line
Copy the intermediate certificate
(ComodoSecurityServicesCA.crt) into each BIG-IP
Controller in a redundant system. Open the
ComodoSecurityServicesCA.crt with a text editor.
Cut and paste the entire text of the certificate,
including the -----BEGIN CERTIFICATE----- and
-----END CERTIFICATE----- lines, into a file named
intermediate-ca.crt. Be careful not to include any
leading or trailing whitespace before the beginning
and ending hyphens.
Place the intermediate-ca.crt file in the directory
/config/bigconfig/ssl.crt/
Note: The ssl.crt directory is used
to store certificates and certificate authorities.
WARNING:In
a redundant system, the keys and certificates must
be in place on both controllers before you configure
the SSL Accelerator. You must do this manually; the
configuration synchronization utilities do not
perform this function.
|
