Forum Discussion
23 Replies
- nitassEmployee
you can convert p7b to pem format. anyway, p7b does not contain private key. ssl offloading requires private key.
- DC_Jordan_18536NimbostratusThey provide me .pfx also f5 is not accepted , they told me they have cert with key , so please can you advice
- nitass_89166Noctilucent
you can convert p7b to pem format. anyway, p7b does not contain private key. ssl offloading requires private key.
- DC_Jordan_18536NimbostratusThey provide me .pfx also f5 is not accepted , they told me they have cert with key , so please can you advice
- DC_Jordan_18536Nimbostratus
They provide me .pfx also f5 is not accepted , they told me they have cert with key , so please can you advice
- DC_Jordan_18536Nimbostratus
Which type of certifcate is required for f5 ?
- Sec-Enabled_658Cirrostratus
If they provided you with a PFX, you should be able to import that into the F5 through the GUI interface depending on what version of TMOS you are running. A PFX file (PKCS11) should contain cert and key, so it should work. You import this file under system-> file management or under Local Traffic -> ssl certificates. Possible values are Key, Certificate, PKCS 12 (IIS), and Archive.
- DC_Jordan_18536Nimbostratus
I choose key and certificate , give me error i will try pcks today , this certificate will be use in ssl profile as client ssl , is that write , and after import it then go client ssl and create new owa and select this imported one what i shall do?!
- DC_Jordan_18536Nimbostratus
I choose key and certificate , give me error i will try pcks today , this certificate will be use in ssl profile as client ssl , is that write , and after import it then go client ssl and create new owa and select this imported one what i shall do?!
- nitassEmployeeyes. you may check ssl profiles article here. SSL Profiles by JRahm and John Wagnon https://devcentral.f5.com/s/articles/ssl-profiles-part-1
- DC_Jordan_18536Nimbostratus
I imported file as u mentioned , but from server side , shall owa admin remove certifcate from iis (( when add profile virtual severs owa site is mot working ))
- nitassEmployee
but from server side , shall owa admin remove certifcate from iis (( when add profile virtual severs owa site is mot working ))
you can choose whether you want ssl on server-side (between bigip and server).
if you want ssl, assign serverssl profile to virtual server (i.e. both clientssl and serverssl profiles). pool is listening on ssl port.
- eng_mohamadawadNimbostratus
we want just clienet ssl , but when i used this ssl profile in Virtual server , HTTPS is not open , so please advice ? port 443 when i remove it every thing is working normally (https)