Contact us at |support@ssldragon.com
  • install an SSL Certificate on F5

How to install an SSL Certificate on F5 products?

Tuesday, March 19th, 2019

This step by step guide offers instructions on how to generate a CSR Code and install an SSL Certificate on F5 products, namely F5 BIG-IP and, F5 FirePass SSL VPN. As a bonus, we’ve also included a brief history of F5 Networks, as well as tips on where to buy the best SSL Certificate for your F5 appliance.

If you’ve already created the CSR request, and are only looking for installation guidelines, use the links below to jump to the corresponding section.

Generate a CSR Code on F5 BIG-IP
Generate a CSR Code on F5 FirePass SSL VPN
Install an SSL Certificate on F5 BIG-IP
Install an SSL Certificate on F5 FirePass SSL VPN
Test your SSL Installation
F5 networks history and product versions
Where to buy the best SSL Certificate for F5 products?

Generate a CSR Code on F5 BIG-IP

The CSR (Certificate Signing Request) code is a block of encoded text with your contact data such as domain name and company information. You need to generate it as part of the SSL order process and send it to your CA (Certificate Authority). Along with the CSR, you will also create your Private Key. Keep it safe, as you’ll need it during the SSL installation.

Here’s how to create a CSR code on F5 BIG-IP version 9 and higher:

  1. Log into your F5 BIG-IP dashboard
  2. Go to System > File Management > SSL Certificate List and click Create
  3. Under General Properties, give a name to your SSL Certificate
  4. Under Certificate Properties, from the Issuer drop-down list choose Certificate Authority
  5. Fill in the remaining fields with your contact details as shown below:
    • Common Name: enter the FQDN (fully-qualified domain name) of the server you want to secure. For instance: yourdomain.com

      Note: If you have a wildcard certificate, add an asterisk in front of your domain name (e.g., *.yourdomain.com).

    • Division: name the department in charge of SSL Certificate. Usually, it is IT or Web Administration
    • Organization: specify the full, legal name of your company. For example, GPI Holding LLC
    • Locality: type the full name of the city where your company is legally registered
    • State or Province: enter the full name of the state or region where your company is located
    • Country: from the drop-down list, select your country
    • E-mail address: provide a valid e-mail
    • Challenge Password: create a password and confirm it
    • Key Size: from the drop-down list, select 2048 bits
  6. Verify the information you’ve just submitted and click Finished.

You’ve successfully created your CSR Code. Now, you can download it on your system by copying the CSR contents from the Request Text box. You can save it to a text document, or paste it directly into your SSL order. Make sure you include the —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—– tags.

Generate a CSR Code on F5 FirePass SSL VPN

The CSR (Certificate Signing Request) code is a block of encoded text with your contact data such as domain name and company information. You need to generate it as part of the SSL order process and send it to your CA (Certificate Authority). Along with the CSR, you will also create your Private Key. Keep it safe, as you’ll need it during the SSL installation.

Please, follow the steps below to create a CSR on F5 FirePass SSL VPN:

  1. Log into your admin console
  2. Go to Server >Security and select Certificate > Generate a New Certificate Request
  3. Submit the following details:
    • Server Name: specify the fully-qualified domain name (FQDN) you want to secure. For instance: yourdomain.com

      Note: If you have a wildcard certificate, add an asterisk in front of your domain name (e.g., *.yourdomain.com).

    • Country Name: select the country where your company is located
    • State: enter the state where your company is registered
    • City: enter the city where your company is registered
    • Company: write the full, legal name of your Company. For example, GPI Holding LLC
    • Organizational Unit: specify the department within your organization in charge of web security. For instance, IT or Web Administration
    • Contact Email: put a valid email address
    • Expiration: skip this field
    • Encryption Password: create a password to encrypt the Private Key and then confirm it
  4. Double check the info you’ve just provided, then click Generate Request.

Now you can click the Here link to download your CSR Code and Private Key. Extract the files from the ZIP archive and open .csr file with any text editor such as Notepad. You will need to copy-paste the full CSR content, including the BEGIN CERTIFICATE—– and —–END CERTIFICATE—– tags during your SSL order.

Install an SSL Certificate on F5 BIG-IP

After your CA sends all the necessary SSL files to your inbox, you can proceed to the SSL installation. Make sure you have the following files ready:

  • Your primary server certificate
  • A root CA certificate
  • An intermediate certificate

These files usually reside in a ZIP folder. You need to download it and extract the files on your device.

For F5 BIG-IP version 9 or higher, follow the installation steps below:

  1. Connect to your F5 BIG-IP load-balancer console
  2. Under the Local Traffic menu click on SSL Certificates
  3. On the main page, under General Properties, enter the Name you assigned to your Certificate when generating the CSR Code
  4. Click Browse to locate your primary SSL Certificate file then hit Import
  5. Click Open to complete the installation
  6. Next, repeat steps 3,4 and 5 to upload the intermediate certificate.

Configure your Server to use the HTTPS connection

  1. Open the SSL profile for your SSL Certificate. If you don’t have an SSL Profile, create it from your F5 BIG-IP console
  2. Under the Configuration window, select Advanced from the drop-down list
  3. Select the SS Certificate that you’ve just installed.
  4. Under Chain, locate the intermediate certificate’s friendly name that you assigned in previous steps and click Save then Exit

Congratulations, now you know how to install an SSL Certificate on F5 BIG-IP load balancer.

For F5 BIG-IP version lower than 9, follow the installation steps below:

  1. Prepare your primary and intermediate certificates.
  2. Use an FTP client such as FileZilla to move your primary and intermediate certificates from your local device to your F5 BIG-IP platform.
  3. Rename your primary certificate to your.domain.name.crt and copy it into the /config/bigconfig/ssl.crt/ directory on your F5 BIG-IP device.
  4. Copy the intermediate-ca.crt to the /config/bigconfig/ssl.crt/ folder on your F5 BIG-IP device
  5. Run the commands below to restart the proxy:
    #bigpipe proxy :443 disable
    #bigpipe proxy :443 enable.

That’s it. Your SSL Certificate is now up and running on your platform.

Install an SSL Certificate on F5 FirePass SSL VPN

Once the CA signs your SSL Certificate and sends the SSL files to your inbox, you can continue with the installation.

First, ensure that all the necessary SSL files are ready. Download the ZIP folder containing the certificates, and extract the files on your device. Next, follow the instructions below:

  1. Log into your F5 FirePass Host
  2. Go to Device Management > Security > Certificates
  3. In the Renew/Replace SSL Server Certificate tab click on Install
  4. In the Paste the new certificate in the PEM format (for Apache + mod_ssl) here box, paste the encrypted data of your SSL Certificate. You can open your cert with any text editor such as Notepad. When copying the contents, don’t forget to include the BEGINNING and END header and footer
  5. In the Paste the corresponding cryptographic key in PEM format here box, enter the encrypted data of your Private Key. You’ve generated the Private Key along with your CSR code
  6. Next, in the Enter Password here field, write the password you created for your Private Key during the CSR generation
  7. In the Optionally, put your intermediate certificate chain here (in the PEM format) box, paste the encoded contents of your root and intermediate certificates and click Go.

    Note: If you receive the error message ‘Your Certificate chain cannot be fully verified’, please refer to this article.

Configure the Web Service

  1. In your F5 FirePass SSL VPN host, click on Web Service
  2. Click on Configure, then on Add New Service
  3. In Certificate menu select the SSL Certificate you’ve just added
  4. Click on the following sequence: Update > Finalize > Finalize Changes > Apply changes > Restart
  5. F5 FirePass SSL VPN host will restart now.

Congratulations, you’ve successfully installed and configured your SSL Certificate on F5 FirePass SSL VPN.

Test your SSL installation

After you install an SSL Certificate on F5 devices, you should run an SSL scan to look for potential errors or vulnerabilities in your configuration. For more info, check our article on the best SSL tools for testing an SSL Certificate.

F5 Networks history and versions

F5 Networks, Inc. is a multinational company specializing in application services and application delivery networking. The “F5” name is inspired from the movie Twister and is a reference to the fastest and most powerful tornado on the Fujita Scale: F5.

F5 BIG-IP load balancer

F5 BIG-IP load balancer is the first ever product launched by F5, in the distant 1997. F5’s BIG-IP product family consists of hardware, modularized software, and virtual appliances based on the F5 TMOS operating system.

F5 BIG-IP version 9.0 introduced significant improvements including:

  • Company’s TMOS architecture
  • Traffic Management MicroKernel (TTM) creation
  • Standard full-proxy mode creation

At the time of writing this article, the latest F5 BIG-IP versions is 14.0.

F5 Network’s FirePass SSL VPN

F5 Network’s FirePass SSL VPN allows users to secure remote access to a large number of apps and devices. On top of that, it also offers security to intranet resources, by preventing unauthorized device access.

The F5 FirePass SSL VPN supports connectivity to any TCP/IP-based application, provides direct setup and management, and enforces endpoint security.

Where to buy the best SSL Certificate for F5 products?

SSL Dragon is a reputable SSL vendor with impeccable customer support. We’ve established strong partnerships with the best Certificate Authorities on the market to offer incredibly low prices across the entire range of SSL products. All our certificates are compatible with F5 BIG-IP load balancer and F5 FirePass SSL VPN. Below are the types of SSL certificates available at SSL Dragon:

You can find the best SSL Certificate for your project and budget with the help of our exclusive SSL tools. The SSL Wizard offers a quick and efficient way to determine the right SSL for you, while the Advanced Certificate Filter allows you to sort and compare different certificates by price, validation, and features.

If you find any inaccuracies, or you have details to add to these SSL installation instructions, please feel free to send us your feedback at [email protected]. Your input would be greatly appreciated! Thank you.