F5 BIG IP – Generate CSR

5 days ago
Admin
2 minutes

CSR Creation for F5 BIG-IP

This guide outlines the steps required to generate a CSR for this server or platform.

How to generate a CSR using an F5 BIG-IP Loadbalancer (version 9)

  1. Launch the F5 BIGIP web GUI.
  2. Under Local Traffic select “SSL Certificates” then “Create.”
  3. Under General Properties give your certificate a name (this name will be used in the future to identify this certificate).
  4. Under Certificate Properties enter the following information:

    Issuer: Certificate Authority

    Common name: FQDN (fully-qualified domain name) of the server (e.g., www.domain.com, mail.domain.com, or *.domain.com in case of a wildcard certificate)

    Division: Your department, such as ‘Information Technology’

    Organization: The full legal name of your organization (e.g., Company Inc)

    Locality, State or Province, Country: City, state, and country where your organization is located

    E-mail Address: Your email

    Challenge Password, Confirm Password: Your password

  5. Under “Key Properties”, choose 2048.
  6. Click the Finished button.

You should now be provided with the text of a Certificate Signing Request file. You will want to copy and paste the entire body of that file into the order process when prompted.

CSR Generation (Earlier versions of Big-IP)

  1. First, Log in to the BIG-IP device as the root user and run the following command:

    # /usr/local/bin/genconf

    You will be prompted to enter your company details including the full legal company name and address of operation.

  2. You can now make your Certificate Signing Request by entering the following command:

    # /usr/local/bin/genkey www.yoursite.com

    Verify that you replace “www.yoursite.com” with the Fully Qualified Domain Name of the site that you are securing. You will again be asked to enter your company details.

  3. Under /config/bigconfig/ssl.csr/ you will find a new file named your www.yoursite.com.csr — This is your new CSR file. Transfer it to the workstation you will use to order the certificate. The CSR file can be opened with a text editor such as Notepad. Copy and paste the contents of the CSR file to the order form. Verify that you include the BEGIN and END tags.