Home / Tutorials / How to Install an SSL Certificate / How to Install an SSL Certificate on F5 Products?

How to Install an SSL Certificate on F5 Products

How to Install an SSL Certificate on F5 Products

This step by step guide offers instructions on how to install an SSL Certificate on F5 products, namely F5 BIG-IP and, F5 FirePass SSL VPN. As a bonus, we’ve also included tips on where to buy the best SSL Certificate for your F5 appliance.

Table of Contents

  1. Generate a CSR Code
  2. Install an SSL Certificate on F5 BIG-IP
  3. Install an SSL Certificate on F5 FirePass SSL VPN
  4. Test your SSL Installation
  5. Where to buy the best SSL Certificate for F5 products?

Generate a CSR Code

The CSR (Certificate Signing Request) code is a block of encoded text with your contact data such as domain name and company information. You need to generate it as part of the SSL order process and send it to your CA (Certificate Authority). Along with the CSR, you will also create your Private Key. Keep it safe, as you’ll need it during the SSL installation.

You have two options:

  1. Use our CSR Generator to create the CSR automatically.
  2. Follow our step-by-step tutorial on how to generate CSR on F5 products.

After creating the CSR, you can download it on your system by copying the CSR contents. You can save it to a text document, or paste it directly into your SSL order. Make sure you include the —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—– tags.

After your CA sends all the necessary SSL files to your inbox, you can proceed to the SSL installation.

Install an SSL Certificate on F5 BIG-IP

Prepare all the files

Make sure you have the following files ready:

  • Your primary server certificate
  • A root CA certificate
  • An intermediate certificate

These files usually reside in a ZIP folder. You need to download it and extract the files on your device.

Install the SSL Certificate

Follow the installation steps below:

  1. Connect to your F5 BIG-IP load-balancer console
  2. Under the Local Traffic menu click on SSL Certificates
    • For BIG-IP 13.x and later, go to System Certificate Management > Traffic Certificate Management > SSL Certificate List.
    • For BIG-IP 12.x and earlier, go to System File Management SSL Certificate List.
  3. Select Import, and then In the Import Type list, select Certificate.
  4. For Certificate Name, select Create New and enter a unique name for the certificate
  5. For Certificate Source, select Upload File and select Choose File to browse to the file location, or select Paste Text and paste the certificate plain text into the text box.
  6. Select Import.
  7. You can now associate the SSL certificate with the appropriate SSL profile.
  8. Next, repeat steps 3,4, and 5 to upload the intermediate certificate.

Configure your Server to use the HTTPS connection

  1. Open the SSL profile for your SSL Certificate. If you don’t have an SSL Profile, create it from your F5 BIG-IP console
  2. Under the Configuration window, select Advanced from the drop-down list
  3. Select the SSL Certificate that you’ve just installed.
  4. Under Chain, locate the intermediate certificate’s friendly name that you assigned in previous steps and click Save then Exit

Congratulations, now you know how to install an SSL Certificate on F5 BIG-IP load balancer.

For F5 BIG-IP version lower than 9, follow the installation steps below:

  1. Prepare your primary and intermediate certificates.
  2. Use an FTP client such as FileZilla to move your primary and intermediate certificates from your local device to your F5 BIG-IP platform.
  3. Rename your primary certificate to your.domain.name.crt and copy it into the /config/bigconfig/ssl.crt/ directory on your F5 BIG-IP device.
  4. Copy the intermediate-ca.crt to the /config/bigconfig/ssl.crt/ folder on your F5 BIG-IP device
  5. Run the commands below to restart the proxy:
    #bigpipe proxy :443 disable
    #bigpipe proxy :443 enable

That’s it. Your SSL Certificate is now up and running on your platform.

Install an SSL Certificate on F5 FirePass SSL VPN

Prepare all the files

First, ensure that all the necessary SSL files are ready. Download the ZIP folder containing the certificates, and extract the files on your device.

Install the SSL Certificate

Next, follow the instructions below:

  1. Log into your F5 FirePass Host
  2. Go to Device Management > Security > Certificates
  3. In the Renew/Replace SSL Server Certificate tab click on Install
  4. In the Paste the new certificate in the PEM format (for Apache + mod_ssl) here box, paste the encrypted data of your SSL Certificate. You can open your cert with any text editor such as Notepad. When copying the contents, don’t forget to include the BEGINNING and END header and footer
  5. In the Paste the corresponding cryptographic key in PEM format here box, enter the encrypted data of your Private Key. You’ve generated the Private Key along with your CSR code
  6. Next, in the Enter Password here field, write the password you created for your Private Key during the CSR generation
  7. In the Optionally, put your intermediate certificate chain here (in the PEM format) box, paste the encoded contents of your root and intermediate certificates and click Go.
    Note: If you receive the error message ‘Your Certificate chain cannot be fully verified’, please refer to this article.

Configure the Web Service

  1. In your F5 FirePass SSL VPN host, click on Web Service
  2. Click on Configure, then on Add New Service
  3. In Certificate menu select the SSL Certificate you’ve just added
  4. Click on the following sequence: Update > Finalize > Finalize Changes > Apply changes > Restart
  5. F5 FirePass SSL VPN host will restart now.

Congratulations, you’ve successfully installed and configured your SSL Certificate on F5 FirePass SSL VPN.

Test your SSL installation

After you install an SSL Certificate on F5 devices, you should run an SSL scan to look for potential errors or vulnerabilities in your configuration. For more info, check our article on the best SSL tools for testing an SSL Certificate.

Where to buy the best SSL Certificate for F5 products?

SSL Dragon is a reputable SSL vendor with impeccable customer support. We’ve established strong partnerships with the best Certificate Authorities on the market to offer incredibly low prices across the entire range of SSL products. All our certificates are compatible with F5 BIG-IP load balancer and F5 FirePass SSL VPN.

Get an SSL certificate now

You can find the best SSL Certificate for your project and budget with the help of our exclusive SSL tools. The SSL Wizard offers a quick and efficient way to determine the right SSL for you, while the Advanced Certificate Filter allows you to sort and compare different certificates by price, validation, and features.

If you find any inaccuracies, or you have details to add to these SSL installation instructions, please feel free to send us your feedback at [email protected]. Your input would be greatly appreciated! Thank you.