Knowledge Base

Similar Questions: 

What are the steps to install SSL certificates on F5 BIG-IP v13 and above?

How can I configure SSL/TLS certificates on F5 BIG-IP version 13.x?

What is the procedure for uploading and applying SSL certificates in F5 BIG-IP 13.x?

How do I import Sectigo SSL certificates into F5 BIG-IP version 13 or later?

Overview:

Learn how to install SSL/TLS server certificates on F5 BIG-IP version 13.x and later. This step-by-step guide covers importing the Sectigo certificate chain, installing the server certificate, and configuring SSL profiles for secure traffic management.

Download your certificate files. It must have the following files:

• Server Certificate: Your signed SSL/TLS certificate
• Chain Bundle: The Sectigo Certificate chain bundled in a single file

The installation is divided into two distinct phases:
1) Installing Chain/Intermediate Certificate
2) Installing Server Certificate

 

Part 1 of 2: Installing Chain/Intermediate Certificate
1. Launch the F5 BIG-IP web GUI.

 

 

2. On the Main tab, expand System. 

 

 

3. Click Certificate Management > Traffic Certificate Management > SSL Certificate List to display the list of existing certificates. 




4. In the upper right corner, click the Import button.

 

 

5. From the Import Type drop down, select Certificate. 



6. In the Certificate Name field, enter SectigoChain. In the Certificate Source box, browse the location of the Chain Bundle file. 



7. Click on Import. The new certificate should appear on the list as SectigoChain.


 

 

 

Part 2 of 2: Installing Server Certificate

1. Go back to System > Certificate Management > Traffic Certificate Management > SSL Certificate List to display the list of existing certificates.



2. Click on the name you assigned to the key file when you created your Certificate Signing Request.



In this example, the name for the key file is F5SSLCertificate.

3. Click on Import. 

4.In the Certificate Source box, browse the location of the Server Certificate file that you downloaded. Click on Import.

5. The Server Certificate and Key should now appear on the list. 


6. On the Main tab of the F5 BIG-IP interface, expand Local Traffic and click on Profiles. 



7. In the top menu bar, click on SSL > Client. 


 
8. Create a new SSL Profile by clicking Create or open an existing SSL profile that has already been set-up. 



9. From the Configuration drop down, select Advanced and check the Custom box.. 

 

11. Click “Add” as shown below.



12. Under Certificate, select your Server Certificate. It will appear with the same friendly name as the private key.

13. Under Key, select the name of the Key from the drop down. This key was generated when you generated your Certificate Signing Request before you requested your certificate.  

14. Under Chain, select SectigoChain that was imported in section A above from the drop down. Click the “Add” button. 



15. Your certificate will appear under the “Certificate Key Chain” text box as shown below.



16. Scroll down and click “Finished” to complete the process.
 

Your SSL/TLS certificate should now be installed.

 

Check that your Certificate has been successfully installed by testing it on the SSL Install Checker.

 

 

Related Articles: Generate Certificate Signing Request (CSR) for F5 BIG IP

Tags: