f5 BIG-IP - 安装SSL证书
点击数：8012014-11-25 12:20:20 来源: 中国数字证书CHINASSL
If you have not yet created a Certificate Signing Request (CSR) and ordered your certificate, see
F5-BIG-IP SSL Certificates-CSR Creation
Install your SSL Certificate to a f5 BIG-IP Loadbalancer (version 9)
Installing the SSL Certificate
- Launch the F5 BIGIP web GUI.
- Under Local Traffic select "SSL Certificates."
- Click on the name you assigned to the certificate under "General Properties" while creating the CSR.
- Browse to the your_domain_name.crt file that you received from ChinaSSL.
Click "Open" and then "Import."
Your SSL Certificate file is now installed.
Enabling your Intermediate Certificate
- In the web GUI, choose "Local Traffic," then "SSL Certificates," and then "Import."
- Under "Import Type," choose Certificate, then "Create New."
- Enter "ChinaSSLCA" as your certificate name.
Browse to the ChinaSSLCA.crt file that you received from ChinaSSL, click "Open," and then "Import."
Your intermediate certificate should now be imported.
Configure your server for SSL
- Create or open the SSL Profile that you will be using with this certificate.
- Log in to the Configuration utility > Local Traffic > Profiles > Client (from the SSL menu), then select the client to configure and choose "Advanced" from the Configuration menu.
- Select the SSL certificate (public/private key pair) that you installed at the beginning of these instructions.
Under the "Chain" section, browse to the "ChinaSSLCA" file that you imported in the previous step, then save and exit the configuration
Your SSL Certificate has now been installed and enabled for use on your server.
f5 BIG-IP Pre Version 9.x
Inside your ChinaSSL account you can download your certificate files. You will need the Primary (your_domain_name.crt) and Intermediate (ChinaSSLCA.crt) certificate files. You will need both of these files for proper installation on you BIG-IP device. You do not need the TrustedRoot.crt file
Move your Primary and Intermediate Certificates to the BIG-IP device.
The Primary (your_domain_name.crt) and Intermediate (intermediate-ca.crt) certificate files can be moved to the BIG-IP box using FTP.
Rename and move the certificate files.
Rename your Primary certificate from your_domain_name.crt to your.domain.name.crt and copy it to the /config/bigconfig/ssl.crt/ folder.
Copy the intermediate-ca.crt to the /config/bigconfig/ssl.crt/ folder.
Restart the Proxy.
# bigpipe proxy <IP Address>:443 disable
# bigpipe proxy <IP Address>:443 enable
The Certificate is now installed.