How to Install an SSL/TLS Certificate In F5 BIG IP (version 9)
The following instructions will guide you through the SSL installation process on F5 Big-IP Load Balancer V9. If you have more than one server or device, you will need to install the certificate on each server or device you need to secure. If you still have not generated your certificate and completed the validation process, reference our CSR Generation Instructions and disregard the steps below.
What You’ll Need
1. Your server certificate
This is the certificate you received from the CA for your domain. You may have been sent this via email. If not, you can download it by visiting your Account Dashboard and clicking on your order.
2. Your intermediate certificates
These files allow the devices connecting to your server to identify the issuing CA. There may be more than one of these certificates. If you got your certificate in a ZIP folder, it should also contain the Intermediate certificate(s), which is sometimes referred to as a CA Bundle. If not, download the appropriate CA Bundle for your certificate.
3. Your private key
This file should be on your server, or in your possession if you generated your CSR from a free generator tool. On certain platforms, such as Microsoft IIS, the private key is not immediately visible to you but the server is keeping track of it.
1. Launch the GUI
Launch your F5 Big-IP Web GUI.
2. Select “SSL Certificates”
The SSL Certificates option is listed under Local Traffic.
3. Select your certificate’s name
Your certificate’s name will be listed under General Properties.
4. Select your .crt file
This is the yourdomain.crt file that you received from the issuing CA.
5. Open and import
Once you’ve located your .crt file, you need to select Open, then Import.
6. Install your intermediate certificates
- To enable the intermediate certificates, return to the Web GUI, and under Local Traffic, select SSL Certificates.
- Choose Import.
- In Import Type, choose Certificate and Create New.
- Name your Intermediate Certificate.
- Find the CA bundle that includes your intermediate, click Open, then Import.
7. Enable your SSL
- To enable the SSL certificate, create or open an SSL Profile for your Certificate.
- Choose Configuration, then select Advanced.
- Select the Server Certificate you installed from Steps 1-5.
- Under Chain, find the Intermediate Certificate you imported from Step 6, then select Save.
Congratulations! You’ve successfully installed your SSL certificate! To check your work, visit the website in your browser at https://yourdomain.tld and view the certificate/site information to see if HTTPS/SSL is working properly. Remember, you may need to restart your server for changes to take effect.