
Import certificates into F5

Last Modified: 2020-01-05
I am trying to install an SSL certificate on F5. I keep getting an import error (screenshot attached). I have tried entering the password and changing the option for Key security; it doesn't work.

The certificate I am selecting is in .pem format. I have selected .crt and .p7b as well; none of them works.

Has anyone experienced the same error?

Thanks for your help.

CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Attachment not included.
The private key and cert have to be within a PEM file.
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
LeoSnr Network Eng
CERTIFIED EXPERT

Author

Commented:
No, it's a GoDaddy third-party certificate, which we use on our Exchange server as well. The primary use of F5 is reverse proxy, for OWA.
Do I have to generate a certificate request on F5?
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
It is up to you where you generate it, but it needs to match its use.
You have to load both the certificate and the private key used to generate the CSR which was signed, resulting in the cert.

It sounds, by your last post's question, that you are only trying to load the certificate (signed by GoDaddy), which would explain an error which you did not include.
Missing private key, missing CA certificate chains.

Is the certificate multi-name (SAN certs)?

Are you using the certificate MMC to export the cert and private key (PFX) that you then can use OpenSSL to convert to a PEM format?
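
The PFX-to-PEM conversion described in the comment above, as an added example that is not part of the original thread: it splits a PFX into private key, leaf certificate and CA chain with OpenSSL, then checks that the key matches the certificate before import. The file names, the password, the `owa.example.test` name and the helper function names are constructed for the demo.

```shell
#!/bin/sh
# Added example. Paths, password and CN are constructed for the demo.

# pfx_to_pem <pfx> <outdir>: writes key.pem, cert.pem, chain.pem.
# The PFX password is read from $PFX_PASS so it stays off the command line.
pfx_to_pem() {
    pfx=$1; out=$2
    # Private key only, written unencrypted (-nodes), so restrict the file mode.
    ( umask 077
      openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nocerts -nodes 2>/dev/null |
          openssl pkey -out "$out/key.pem" 2>/dev/null ) || return 1
    # Leaf (server) certificate only; x509 drops the "Bag Attributes" text.
    openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -clcerts -nokeys 2>/dev/null |
        openssl x509 -out "$out/cert.pem" 2>/dev/null || return 1
    # CA certificates bundled in the PFX, if any (the file may be empty).
    openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -cacerts -nokeys \
        -out "$out/chain.pem" 2>/dev/null
}

# key_matches_cert <key.pem> <cert.pem>: 0 if the public keys are identical,
# 1 if they differ, 2 if either file cannot be parsed.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$k" = "$c" ]
}

demo() {
    WORK=$(mktemp -d) || return 1
    PFX_PASS='constructed-demo-pass'; export PFX_PASS
    # Constructed stand-in for the CA-signed certificate and its key.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=owa.example.test" \
        -keyout "$WORK/src.key" -out "$WORK/src.crt" 2>/dev/null || return 1
    openssl pkcs12 -export -inkey "$WORK/src.key" -in "$WORK/src.crt" \
        -passout env:PFX_PASS -out "$WORK/owa.pfx" || return 1
    # An unrelated key, to show what a mismatch looks like.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$WORK/other.key" 2>/dev/null || return 1
    pfx_to_pem "$WORK/owa.pfx" "$WORK" || return 1
    key_matches_cert "$WORK/key.pem" "$WORK/cert.pem" && echo "key.pem matches cert.pem"
    key_matches_cert "$WORK/other.key" "$WORK/cert.pem" || echo "other.key does not match"
}
demo
```

The extracted `key.pem` is unencrypted, so delete the working directory once the key and certificate have been imported.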
LeoSnr Network Eng
CERTIFIED EXPERT

Author

Commented:
Thanks.
We have allocated a spare public IP address, so for any traffic which comes and hits our public IP address 210.18.x.x, the next hop for this traffic needs to be our firewall, which is a Meraki (210.18.x.x).
I can telnet to our Meraki firewall from outside the network, but I can't telnet to 210.18.x.x; I get no response. What am I missing here?

thanks.
CERTIFIED EXPERT
Distinguished Expert 2019
Commented:
Usually, if you are behind the F5 and it is using a virtual interface that forwards to a device behind it, your attempt will be seen as a loop.

i.e. you exit your front door and then try to come back to enter it.
This was added when spoof packets with Internal IPs were used to do a denial of service attack.

... test from a connection outside your network.
