How Do I Generate a CSR for F5 BigIP?
Important: This article applies to customers with SSL services only.
To generate your Certificate Signing Request (CSR), you will need to use the following instructions depending on your version of the BigIP software.
F5® Big IP Version 9 and Later
Follow these instructions to generate a CSR for F5 BigIP version 9 or later versions:
1. Launch the f5 BIG-IP web GUI
2. Under the Local Traffic menu, select SSL Certificates, then click Create.
3. Under General Properties give your certificate a name (This name will be used in the future to identify this certificate)
4. Under Certificate Properties enter the following information:
Issuer: XYZ
Common Name: Fully Qualified Domain Name (FQDN) of the server.
Example: domain.com, mail.domain.com, or *.domain.com.
Division: Your department; such as 'IT','Web', 'Office', etc.
Organization: The full legal name of your organization/company (ex.: Acme Safe Co.)
Locality, State or Province, Country: City, state, and country where your organization is located.
E-mail Address: Your email
Challenge Password, Confirm Password: Your password
5. Under Key Properties select, 2048 and then click the Finished button
You should now be provided with the text of a CSR. You will want to copy and paste the entire body of that file into the ordering process when prompted.
F5 BigIP Version 4.x
Follow these instructions to generate a CSR for F5 BigIP version 4x:
1. Log into the device as root. Execute the following command:
#/usr/local/bin/genconf
You will need to enter all of your company information (name, address etc.)
2. Now execute the command:
#/usr/local/bin/genkey www.yourdomain.com
3. Replace www.yourdomain.com with the FQDN you require the certificate for. This will generate the CSR
The CSR will be saved in a file at the location: /config/bigconfig/ssl.csr/www.yourdomain.com.csr.
4. Copy and paste the contents into the enrollment form when requesting a certificate.
You have generated your CSR for F5 BigIP.