?
Solved

Can we confirm the certificate and its key can work well by some command?

Posted on 2016-09-18
2
Medium Priority
?
82 Views
Last Modified: 2016-09-21
Hi After we import certificate and its key and then upgrade, do we have some commands to confirm they can work well in F5?   Thank you
0
Comment
Question by:eemoon
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 7

Accepted Solution

by:
D Patel earned 2000 total points
ID: 41804197
Impact of procedure: Performing the following procedure should not have a negative impact on your system.

Use Secure Copy protocol (SCP) to transfer the new SSL certificate and key files to the BIG-IP system.
Note: For more information about transferring files into the BIG-IP system, refer to SOL175: Transferring files to or from an F5 system.

o Install the certificate to the /config/ssl/ssl.crt/ directory

o Install the key to the /config/ssl/ssl.key/ directory

Log in to the Traffic Management Shell (tmsh) by typing the following command:
tmsh

To install the SSL certificate, use the following command syntax:
Note: To install the certificate and key files into a specific partition, run the cd /<partition> command.

install /sys crypto cert <SSL-certificate-name> from-local-file <path-to-certificate-file>

For example:

install /sys crypto cert sol14031cert from-local-file /config/ssl/ssl.crt/sol14031.crt

To install the SSL key, use the following command syntax:
install /sys crypto key <SSL-key-name> from-local-file <path-to-key-file>

For example:

install /sys crypto key sol14031key from-local-file /config/ssl/ssl.key/sol14031.key

To verify that the SSL certificate has been successfully installed into the BIG-IP system, use the following command syntax:
list /sys crypto cert <SSL-certificate-name>

For example:

list /sys crypto cert sol14031cert

Note: If you install the SSL certificate properly, you can view the output of a list of SSL certificate attributes.

To verify that the SSL key has been successfully installed into the BIG-IP system, use the following command syntax:
list /sys crypto key <SSL-key-name>

For example:
list /sys crypto key sol14031key

Note: If you install the SSL key properly, you can view the output of a list of SSL key attributes.

To save the changes, type the following command:
save /sys config

To exit the tmsh utility, type the following command:
quit

Creating a new SSL profile using the newly imported SSL certificate and key

Impact of procedure: Performing the following procedure should not have a negative impact on your system.

Log in to the tmsh utility by typing the following command:
tmsh

To create a new SSL profile, use the following command syntax:
create /ltm profile <SSL-Profile-Type> <SSL-Profile-Name> cert <SSL-Certificate-Name> key <SSL-Key-Name>

For example, to create a Client SSL profile with the name sol14031_profile, using the certificate and key imported as sol14031cert and sol14031key, you can type the following command:
create /ltm profile client-ssl sol14031_profile cert sol14031cert key sol14031key

After you create the required SSL profiles, save the change by typing the following command:
save /sys config

To exit the tmsh utility, type the following command:
quit
0
 

Author Comment

by:eemoon
ID: 41809857
Thank you so much for your reply. It is very good!!
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
Encryption for Business Encryption (https://en.wikipedia.org/wiki/Encryption) ensures the safety of our data when sending emails. In most cases, to read an encrypted email you must enter a secret key that will enable you to decrypt the email. T…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Suggested Courses
Course of the Month9 days, 17 hours left to enroll

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question