WoSign技术支持：F5 Big IP Controller 3.0 Web服务器的SSL证书安装指南

English

	首接负责制，让您放心选购和使用各种数字证书产品！
	在线帮助、MSN、QQ、Email 和免费服务热线为您提供最优质的售前售后服务!

可信网站认证服务与产品

超真SSL

超真SSL-EV

可信软件开发商认证产品

微软代码签名证书

Adobe AIR 签名证书

火狐插件签名证书

Java等代码签名证书

PKI(CA)托管产品

超管CA-企业版

USB Key 加密盘

各类产品分网站

互联网 • 更多 • 安全

可信数字身份认证服务

SGC超真SSL证书

超真SSL证书

超快SSL证书

EV SSL证书

客户端证书

首页

技术支持

SSL证书安装指南 - F5 Big IP Controller 3.0

To install an Certificate on F5 Big IP Controller 3.0 follow the instructions below:

Fetch your certificate and the intermediate CA

1. You will receive an email when your certificate is issued.
2. Copy and Paste your Certificate (First certificate) to Notepad and save as a cert.cer
5. Copy and Paste the intermediate CA (second certificate) to Notepad and save as a intermediate.cer

Installing certificates from the certificate authority (CA)
After you obtain a valid x509 certificate from a certificate authority (CA) for the SSL Accelerator, you must copy it onto each BIG-IP Controller in the redundant configuration. You can configure the accelerator with certificates using the Configuration utility or from the command line.

To install certificates from the CA using the Configuration utility

In the navigation pane, click Proxies. The Proxies screen opens.
On Proxies screen, click the Install SSL Certificate Request tab. The Install SSL Certificate screen opens.
In the Certfile Name box, type the fully qualified domain name of the server with the file extension .crt. If you generated a temporary certificate when you submitted a request to the CA, you can select the name of the certificate from the drop down list. This allows you to overwrite the temporary certificate with the certificate from the CA.
Paste the text of the certificate into the install SSL Certificate window. Make sure you include the BEGIN CERTIFICATE line and the END CERTIFICATE line. For an example of a certificate, see Figure 8.3.
Click the Write Certificate File button to install the certificate. After the certificate is installed, you can continue with the next step in creating an SSL gateway for the server.
To install certificates from the CA using the command line
Copy the certificate into the following directory on each BIG-IP Controller in a redundant system:

/config/bigconfig/ssl.crt/

Note: The certificate you receive from the certificate authority (CA) should overwrite the temporary certificate generated by genkey or gencert.
If you used the genkey or gencert utilities to generate the request file, a copy of the corresponding key should already be in the following directory on the BIG-IP Controller:

Figure 8.3 An example of a certificate

After the certificate is installed, you can continue with the next step in creating an SSL gateway for the server.

To install certificates from the CA using the command line Copy the certificate into the following directory on each BIG-IP Controller in a redundant system:
/config/bigconfig/ssl.crt/

To install intermediate CA certificate using the command line :

*Copy the intermediate CA certificate into each BIG-IP Controller in a redundant system.
To install a intermediate CA certificate, follow the steps below.

Cut and paste the entire text of the certificate, including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines, into a file named intermediate-ca.cert. Be careful not to include any leading or trailing whitespace before the beginning and ending hyphens.

Make a directory named ca in /var/asr/gateway.
Copy the file intermediate-ca.cert into this directory.
For example:
bigip1:/var/tmp# mkdir /var/asr/gateway/ca
bigip1:/var/tmp# cp intermediate-ca.cert /var/asr/gateway/ca/
bigip1:/var/tmp#
Run the following command to reload the configuration and restart proxy: bigpipe -f /etc/bigip.conf

WARNING:In a redundant system, the keys and certificates must be in place on both controllers before you configure the SSL Accelerator. You must do this manually; the configuration synchronization utilities do not perform this function.