• Home
  • Knowledge Base
  • Certificate Signing Request (CSR) Generation Instructions for F5 BIG-IP version 11.x

Certificate Signing Request (CSR) Generation Instructions for F5 BIG-IP version 11.x

This article offers step-by-step instructions for creating a certificate signing request (CSR) on F5 BIG-IP version 11.x. If you are unable to complete these procedures on your server, we suggest contacting the vendor or organization that supports your F5 BIG-IP system for assistance.

Generating a CSR requires the creation of a key pair for the server, which includes a digital certificate and a private key that cannot be separated. It's important to keep in mind that if the public/private key file or password is lost or changed before installing the SSL certificate, a new SSL certificate will be needed. In order for the installation to be successful, the private key, CSR and certificate must all match.

To create a new Certificate Signing Request, perform the steps below :
  1. Log in to the F5 BIG-IP web interface as an administrative user.
  2. On the “ Local Traffic ” button in the navigation menu on the left.
  3. Select the “ SSL Certificates ” option from the “ Local Traffic ” menu.
  4. Click on the “ Create ” button to create a new SSL certificate.
  5. In the “ Create a New SSL Certificate ” window, enter a name for the certificate and select the “ Create a CSR ” option.
  6. Enter the necessary information in the “ Country Name ”, “ State or Province ”, “ Locality ”, “ Organization Name ”, and “ Organizational Unit ” fields.
  7. Enter the domain name for which you want to generate the certificate in the “ Common Name ” field.
  8. Select the appropriate “ Key Size ” and “ Digest Algorithm ” options./
  9. Click on the “ Create ” button to generate the CSR .
  10. Fill the form to generate the CSR

    1. Name : Give a name for your SSL Certificate which will be the name displayed within Big IP. The name should not have any spaces.
    2. Issuer:  Certificate Authority Symantec.
    3. Common name:  FQDN (fully-qualified domain name) of the server (e.g.  www.domain.com,  mail.domain.com, or for wildcard certificate *.domain.com).
    4. Division:  This is also referred as the Organizational Unit.  You may use this field as a department name for the certificate or a naming convention of your choosing.
    5. Organization:  Use the legally registered organization or business name that your company operates as.
    6. Locality, State or Province, Country:  City, state, and country where the organization is located. Do not abbreviate the state or province.
    7. E-mail Address:  Your email.
    8. Subject Alternative Name:  Enter your Subject Alternative Name, also known as SANs, here if any. If you do not have any that is needed to be on the same certificate, you may leave this field blank.
    9. Challenge Password, Confirm Password:  Do not enter a challenge password. Leave the challenge password blank.
    10. The key size  must be 2048 bits for all SSL Certificates.

  11. The CSR will be displayed in a text box. Copy the entire contents of the text box, including the “----- BEGIN CERTIFICATE REQUEST -----" and "----- END CERTIFICATE REQUEST -----" lines.
  12. Submit the CSR to your chosen  certificate authority (CA)  for signing.
  13. Once the certificate is signed, upload it to the  F5 BIG-IP  device by following the instructions provided by the CA.
  14. Assign the certificate to the appropriate services on the F5 BIG-IP device.
  15. Test  the certificate to ensure that it is working correctly.