Install your SSL Certificate to a f5 BIG-IP Loadbalancer (version 9)


Installing the SSL Certificate
Launch the F5 BIGIP web GUI.

1. Under Local Traffic select 'SSL Certificates.'
2. Click on the name you assigned to the certificate under 'General Properties' while creating the CSR.
3. Browse to the your_domain_name.crt file that you received from Sectigo.
4. Click 'Open' and then 'Import.'

Your SSL Certificate file is now installed.


Enabling your Intermediate Certificate

1. In the web GUI, choose 'Local Traffic,' then 'SSL Certificates,' and then 'Import.'
2. Under 'Import Type,' choose Certificate, then 'Create New.'
3. Enter 'SectigoCA' as your certificate name.
4. Browse to the Domain.crt file that you received from Sectigo,
5. click 'Open,' and then 'Import.'

Your intermediate certificate should now be imported.


Configure your server for SSL

1. Create or open the SSL Profile that you will be using with this certificate.
2. Under 'Configuration,' choose 'Advanced.'
3. Select the SSL certificate (public/private key pair) that you installed at the beginning of these instructions.
4. Under the 'Chain' section, browse to the 'SectigoCA' file that you imported in the previous step, then save and exit the configuration

Your SSL Certificate has now been installed and enabled for use on your server.


f5 BIG-IP Pre Version 9.x

Inside your Sectigo account you can download your certificate files. You will need the Primary (your_domain_name.crt) and Intermediate (SectigoCA.crt) certificate files. You will need both of these files for proper installation on you BIG-IP device. You do not need the TrustedRoot.crt file (Root Certificate).

1. Move your Primary and Intermediate Certificates to the BIG-IP device.

• The Primary (your_domain_name.crt) and Intermediate (intermediate-ca.crt) certificate files can be moved to the BIG-IP box using FTP.

2. Rename and move the certificate files.

• Rename your Primary certificate from your_domain_name.crt to your.domain.name.crt and copy it to the /config/bigconfig/ssl.crt/ folder.
• Copy the intermediate-ca.crt to the /config/bigconfig/ssl.crt/ folder.

3. Restart the Proxy.

• # bigpipe proxy :443 disable
• # bigpipe proxy :443 enable

Question
How is the Trusted Root Certificate installed on F5 BIG-IP?

Answer
To install the Trusted Root Certificate, complete the following steps:

** Note these steps are based on release 6 of the F5 Big IP version 9


Part 1: Import the Trusted Root Certificate

1. Copy and paste the Sectigo Root Certificate (including the BEGIN and END tags) into a text editor such as Notepad and save it on your Local Computer.

NOTE: For Extended Validation (EV) Certificates, download [here] and install the Sectigo Root Certificate as the Trusted Root.

2. Launch the F5 BIG-IP web GUI.
3. On the Main tab, expand Local Traffic.
4. Click SSL Certificates. The list of existing certificates displays.
5. In the upper right corner of the screen, click Import.
6. From the Import Type list, select Certificate.
7. In the Certificate Name box, type a unique name for the certificate.
8. In the Certificate Source box, browse to the location of your Trusted Root Certificate file.
9. Click Import. The Trusted Root Certificate should appear in the Certificate List.

Part 2: Update the Client SSL Profile

1. On the Main tab of the F5 BIG-IP web GUI, expand Local Traffic and then click Profiles.
2. On the Menu bar, from the SSL menu, select Client.
3. Create or open the SSL Profile that you will be using with this certificate.
4. From Configuration list, select Advanced.
5. In the Configuration section, check the Custom box to the right of Trusted Certificate Authorities.
6. From the Trusted Certificate Authorities list, select the name of the of the root certificate from the drop down list.
7. Scroll to the bottom and click on Finished or Update to save the configuration.