SSL Certificate CSR Creation for F5 BIG-IP

If you already have your SSL Certificate and just need to install it, see
SSL Certificate Installation :: f5 BIG-IP.

How to generate a CSR using an F5 BIG-IP Loadbalancer (version 9)

  1. Launch the F5 BIGIP web GUI.
  2. Under Local Traffic select "SSL Certificates" then "Create."
  3. Under General Properties give your certificate a name (this name will be used in the future to identify this certificate).

  4. Under Certificate Properties enter the following information:

    Issuer: Certificate Authority (DigiCert)

    Common name: FQDN (fully-qualified domain name) of the server (e.g., www.domain.com, mail.domain.com, or *.domain.com)

    Division: Your department, such as 'Information Technology'

    Organization: The full legal name of your organization (e.g., DigiCert Inc)

    Locality, State or Province, Country: City, state, and country where your organization is located

    E-mail Address: Your email

    Challenge Password, Confirm Password: Your password

  5. Under "Key Properties", choose 2048.

  6. Click the Finished button.

    You should now be provided with the text of a Certificate Signing Request file. You will want to copy and paste the entire body of that file into the DigiCert order process when prompted.

  7. After you receive your SSL Certificate from DigiCert, you can install it.

    See SSL Certificate Installation :: f5 BIG-IP.

CSR Generation (Earlier versions of Big-IP)

  1. First, login to the BIG-IP device as the root user and run the following command:

    # /usr/local/bin/genconf

    You will be asked to enter your company details including the full legal company name and address of operation.

  2. You can now make your Certificate Signing Request by entering the following command:

    # /usr/local/bin/genkey www.yoursite.com

    Make sure to replace "www.yoursite.com" with the Fully Qualified Domain Name of the site that you are securing. You will again be asked to enter your company details.

  3. Under /config/bigconfig/ssl.csr/ you will find a new file named your www.yoursite.com.csr -- This is your new CSR file. Transfer it to the workstation you will use to order the certificate. The CSR file can be opened with a text editor such as Notepad. Copy and paste the contents of the CSR file to the DigiCert order form. Make sure to include the BEGIN and END tags.

  4. After you receive your SSL Certificate from DigiCert, you can install it.

    See SSL Certificate Installation :: f5 BIG-IP.

f5 SSL Certificates, Guides, & Tutorials

Buy Now Learn More

Generating a CSR for Issuance of an SSL Certificate in BIG-IP

How to generate an SSL Certificate Signing Request for your F5 BIG-IP Loadbalancer

SSL Certificate

SSL Support