How to generate a CSR using an F5 BIG-IP Loadbalancer (version 9)
- Launch the F5 BIGIP web GUI.
- Under Local Traffic select "SSL Certificates" then "Create."
- Under General Properties give your certificate a name (this name will be used in the future to identify this certificate).
Under Certificate Properties enter the following information:
Issuer: Certificate Authority (E-Tugra)
Common name: FQDN (fully-qualified domain name) of the server (e.g., www.domain.com, mail.domain.com, or *.domain.com)
Division: Your department, such as 'Information Technology'
Organization: The full legal name of your organization (e.g., E-Tugra A.Ş.)
Locality, State or Province, Country: City, state, and country where your organization is located
E-mail Address: Your email
Challenge Password, Confirm Password: Your password
- Under "Key Properties", choose 2048.
Click the Finished button.
You should now be provided with the text of a Certificate Signing Request file. You will want to copy and paste the entire body of that file into the E-Tugra order process when prompted.
CSR Generation (Earlier versions of Big-IP)
First, login to the BIG-IP device as the root user and run the following command:
You will be asked to enter your company details including the full legal company name and address of operation.
You can now make your Certificate Signing Request by entering the following command:
# /usr/local/bin/genkey www.yoursite.com
Make sure to replace "www.yoursite.com" with the Fully Qualified Domain Name of the site that you are securing. You will again be asked to enter your company details.
Under /config/bigconfig/ssl.csr/ you will find a new file named your www.yoursite.com.csr -- This is your new CSR file. Transfer it to the workstation you will use to order the certificate. The CSR file can be opened with a text editor such as Notepad. Copy and paste the contents of the CSR file to the E-Tugra order form. Make sure to include the BEGIN and END tags.