Loading...

Knowledge Base
Save 25% on a custom website!

How to Generate a CSR for F5 BigIP

Generating a Certificate Signing Request (CSR) is the first step towards securing your F5 BigIP system with an SSL certificate. This essential process creates the key pair that lets you request an SSL certificate from a trusted Certificate Authority. Follow our clear and simple instructions to generate a CSR for F5 BigIP versions 4.x and 9+.

To generate your Certificate Signing Request (CSR), you will need to use the following instructions depending on your version of the BigIP software:

F5® Big IP Version 9 and Later

To generate a CSR for F5 BigIP version 9 or later versions, follow these instructions:

  1. Launch the f5 BIG-IP web GUI.
  2. Under the Local Traffic menu, select SSL Certificates, then click Create.
  3. Remember to name your certificate under General Properties. (This name will be used in the future to identify this certificate).
  4. Under Certificate Properties, enter the following information:

    Issuer: XYZ
    Common Name: Fully Qualified Domain Name (FQDN) of the server.
    Example: domain.com, mail.domain.com, or *.domain.com.
    Division: Your department; such as 'IT','Web', 'Office', etc.
    Organization: The full legal name of your organization/company (ex.: Acme Safe Co.)
    Locality, State or Province, Country: City, state, and country where your organization is located.
    E-mail Address: Your email
    Challenge Password, Confirm Password: Your password

  5. Under Key Properties, choose 2048, and then click the Finished button.

You will then receive the CSR text. When prompted copy and paste the entire body of that file into the ordering process.

F5 BigIP Version 4.x

Here are the steps to create a CSR for F5 BigIP version 4x.:

  1. Log into the device as root. Execute the following command:

    #/usr/local/bin/genconf

    You will need to enter all of your company information (name, address etc.)
  2. Now execute the command:

    #/usr/local/bin/genkey www.yourdomain.com
     
  3. Replace www.yourdomain.com with the FQDN for which you require the certificate. This will generate the CSR
    The saved CSR file location will be: /config/bigconfig/ssl.csr/www.yourdomain.com.csr.
  4. Copy and paste the contents into the enrollment form when requesting a certificate. You have generated your CSR for F5 BigIP.

Review

Well done! You have made your CSR successfully which is one of the key tasks to acquire an SSL certificate for your F5 BigIP. This guarantees that every network traffic that occurs is under some encryption to guard any valuable information instilled in the users and earned their trust.

Did you find this article helpful?

 
* Your feedback is too short

Loading...