eesun_276598
Sep 15, 2016

What is the relation between "SSL Certificate" and Key

Hi, can anyone explain the relation between "SSL Certificate" and Key? Do we have to import the key? Thank you

8 Replies

  • The key is the private cryptographic information used for encrypting traffic.

    The certificate is the public cryptographic information used for encrypting traffic.

    https://en.wikipedia.org/wiki/Public-key_cryptography

    If you want to terminate SSL on your F5, you need both the key and certificate installed and configured in an SSL profile. Depending on your use case you may need an intermediate certificate configured in your SSL profile as well, which the Certificate Authority can provide.

    Hope this answers your question!

    • eesun_276598

      Thank you so much for your reply.

      "If you want to terminate SSL on your F5"

      What does "terminate" mean here? Here is my understanding of it: usually the user PC contacts the server directly. If we put an F5 between the server and the user PC, all SSL processing would be moved from the server to the F5. That means terminating SSL on my F5, right?

    • Vijay_E

      Yes, if F5 deals with SSL processing, SSL is terminated on the F5.

    • eesun_276598

      Thank you so much for confirming this for me. Can we say that in any case, once the certificate needs to be imported to the F5, the key also needs to be imported to the F5? If so, why not put the certificate and its key together, and then import them one time?

  • SSL offloading is done on the F5 because the F5 is acting as a full proxy. While uploading the certificate, the key is required to authenticate the certificate.

    • eesun_276598

      So, after we import the certificate and its intermediate certificate, we still need to import one key for the "two" certificates, right? Thank you

    • Deep_287674

      You import the SSL certificate in BIG-IP by going to File management - SSL certificate - add. It will ask for the key once you import the certificate. After saving, create an SSL profile by going to security - SSL profile. Create the profile, map the certificate and key. Keep the default chain.

  • The certificate provides an algorithm to ENCRYPT the traffic, with an assurance that the traffic can only be DECRYPTED by the holder of the private key.

    You are effectively handing out padlocks to anyone that asks for it (and that padlock has a signature on it that tells the user that it was sourced from a trusted entity).

    The client trusts that the person handing out the padlocks is the same one that has the key to unlock it.

    BR Sproggg
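
The certificate/key relationship discussed in this thread, as an added example that is not part of any post above: a certificate carries a public key, and the private key that belongs with it yields that same public key, which can be checked before importing the pair. It uses the generic openssl CLI (nothing BIG-IP-specific); the file names and the subject name are constructed sample values.

```shell
#!/bin/sh
# Added example: check that a private key belongs to a certificate.
# All file names and the subject name below are constructed sample values.

# SHA-256 of the public key embedded in a certificate (PEM).
cert_pubkey_hash() {
    openssl x509 -in "$1" -noout -pubkey | openssl dgst -sha256 -r | cut -d' ' -f1
}

# SHA-256 of the public key derived from a private key (PEM, unencrypted).
key_pubkey_hash() {
    openssl pkey -in "$1" -pubout | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Succeeds only when both files parse and carry the same public key.
# The parse checks matter: two unreadable files would otherwise both
# hash empty output and compare equal.
cert_matches_key() {
    openssl x509 -in "$1" -noout 2>/dev/null || return 2   # not a certificate
    openssl pkey -in "$2" -noout 2>/dev/null || return 2   # not a private key
    [ "$(cert_pubkey_hash "$1")" = "$(key_pubkey_hash "$2")" ]
}

# Build a throwaway self-signed certificate, its key, and an unrelated key.
make_samples() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=www.example.test" \
        -keyout "$1/site.key" -out "$1/site.crt" 2>/dev/null &&
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/other.key" 2>/dev/null
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_samples "$work"

if cert_matches_key "$work/site.crt" "$work/site.key"; then
    echo "site.key matches site.crt: import them as a pair"
fi
if ! cert_matches_key "$work/site.crt" "$work/other.key"; then
    echo "other.key does not match site.crt: wrong key for this certificate"
fi
```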