How to generate a CSR using an F5 BIG-IP Loadbalancer (version 9)
- Launch the F5 BIGIP web GUI.
- Under Local Traffic select "SSL Certificates" then "Create."
- Under General Properties give your certificate a name (this name will be used in the future to identify this certificate).
-
Under Certificate Properties enter the following information:
Issuer: Certificate Authority (E-Tugra)
Common name: FQDN (fully-qualified domain name) of the server (e.g., www.domain.com, mail.domain.com, or *.domain.com)
Division: Your department, such as 'Information Technology'
Organization: The full legal name of your organization (e.g., E-Tugra A.Ş.)
Locality, State or Province, Country: City, state, and country where your organization is located
E-mail Address: Your email
Challenge Password, Confirm Password: Your password
- Under "Key Properties", choose 2048.
-
Click the Finished button.
You should now be provided with the text of a Certificate Signing Request file. You will want to copy and paste the entire body of that file into the E-Tugra order process when prompted.
CSR Generation (Earlier versions of Big-IP)
-
First, login to the BIG-IP device as the root user and run the following command:
# /usr/local/bin/genconf
You will be asked to enter your company details including the full legal company name and address of operation.
-
You can now make your Certificate Signing Request by entering the following command:
# /usr/local/bin/genkey www.yoursite.com
Make sure to replace "www.yoursite.com" with the Fully Qualified Domain Name of the site that you are securing. You will again be asked to enter your company details.
-
Under /config/bigconfig/ssl.csr/ you will find a new file named your www.yoursite.com.csr -- This is your new CSR file. Transfer it to the workstation you will use to order the certificate. The CSR file can be opened with a text editor such as Notepad. Copy and paste the contents of the CSR file to the E-Tugra order form. Make sure to include the BEGIN and END tags.