Forum Discussion

fubarSUSHI's avatar
fubarSUSHI
Icon for Altocumulus rankAltocumulus
Apr 03, 2014

MS NLB for Exchange 2010 and importing Exchange ssl certs to bigip v11.4.1

Im in a situation where I am working with someone to export the IIS SSL certs from their CAS servers. Im using digicerts link to do this Digicert export pfx cert but Im questioning if I can install the pfx cert directly to the F5 or is there something I need to do to manipulate it?

 

Im looking and using GoogleFu but apparently it is not strong today. Im looking for a link that would help me with this item?

 

Im using version 11.4.1 HF3 on the LTMs.

 

6 Replies

  • You can import the pfx file directly. Select import type PKCS12 in File Management/SSL Certificate List/Import. You can also (my preference) convert them to PEM format first from the bash shell on the F5 with something like (from my imperfect memory):

    openssl pkcs12 -in my.pfx -nodes

    then just paste the certificate and key parts into the appropriate text boxes in the GUI.

    • fubarSUSHI's avatar
      fubarSUSHI
      Icon for Altocumulus rankAltocumulus
      Awesome. That is what I was hoping for... I can use the pfx directly on the F5. I wanted to make sure but I had no way of confirming. I believe the older versions dont allow you to use .pfx?
    • uni_87886's avatar
      uni_87886
      Icon for Cirrostratus rankCirrostratus
      You might be right there. I only discovered when someone else had done so here.
  • uni's avatar
    uni
    Icon for Altostratus rankAltostratus

    You can import the pfx file directly. Select import type PKCS12 in File Management/SSL Certificate List/Import. You can also (my preference) convert them to PEM format first from the bash shell on the F5 with something like (from my imperfect memory):

    openssl pkcs12 -in my.pfx -nodes

    then just paste the certificate and key parts into the appropriate text boxes in the GUI.

    • fubarSUSHI's avatar
      fubarSUSHI
      Icon for Altocumulus rankAltocumulus
      Awesome. That is what I was hoping for... I can use the pfx directly on the F5. I wanted to make sure but I had no way of confirming. I believe the older versions dont allow you to use .pfx?
    • uni's avatar
      uni
      Icon for Altostratus rankAltostratus
      You might be right there. I only discovered when someone else had done so here.