F5 DUMP‎ > ‎

Import a SSL Certificate in .PFX format F5

posted 17 Jun 2016, 23:36 by Donald Ross   [ updated 17 Jun 2016, 23:48 ]
See link below for full article    

Step 1. Converting the PKCS12 (Certificate and Key) file to a PEM formatted file

1. Copy the PKCS#12 file (with extansion .pfx) to the /var/tmp directory on the BIG-IP system.
NOTE: For more information, refer to F5 SOL175: Transferring files to or from an F5 system.
 
2. Convert the PKCS12 file into a .PEM file by typing the following command:

openssl pkcs12 -in <PKCSfile> -out <filename>.pem -nodes

NOTE: If you use the -nodes switch, the system will discard the password on the key and the password will not be required
when importing the file to the BIG-IP system. To maintain the password on the BIG-IP system, do not use the -nodes switch.
You will then be required to supply the password when importing the key to the BIG-IP system.
 
3. A single PEM-encoded file is created.
 
4. Copy the PEM-encoded file from the BIG-IP system to your local workstation.
 
5. Using a text editor, divide the new PEM-encoded file into separate certificate and private key files by performing the following procedure:
 
  • Cut the text beginning with BEGIN CERTIFICATE and ending with END CERTIFICATE, making sure to include the BEGIN CERTIFICATE and END CERTIFICATE statements.

  • Save the certificate text as a new text file with a .crt extension. For example: mynewcert.crt
     
  • Cut the text beginning with BEGIN RSA PRIVATE KEY and ending with END RSA PRIVATE KEY, making sure to include the BEGIN RSA PRIVATE KEY and END RSA PRIVATE KEY statements.
 
Save the key text as a new text file with a .key extension. For example: mynewkey.key 

 
Step 2. Importing the certificate and private key files to the BIG-IP system

  1. Log in to the BIG-IP Configuration utility.

  2. Click Local Traffic.

  3. Click SSL Certificates.

  4. Click Import.

  5. Select Certificate from the Import Type menu.
  6. Type the desired name in the Certificate Name field.

  7. Click Browse.

  8. Navigate to select the certificate file copied to the workstation in the previous procedure.

  9. Click Import.

  10. Select Key from the Import Type menu.

  11. Type the desired name in the Key Name field.
    NOTE: To pair the private key with the certificate, use the same name you used for the certificate in Step 6.

  12. Click Browse.

  13. Navigate to select the private key file that you copied to the workstation in the previous procedure.

  14. Click Import.

  15. Click the newly-imported certificate and private key pair to view the certificate and key properties.

  16. You now have imported PEM-formatted certificate files and private key files that you can use with BIG-IP Client SSL profiles. 

 
Comments