Installation- BIG-IP F5 version 9

This document provides instructions for installing the following VeriSign SSL with Extended Validation Certificates.

Secure Site
Secure Site Pro
Premium SSL Certificate
Standard Validation SS

If you are unable to use these instructions for your server, VeriSign recommends that you contact either the vendor of your software or an organization that supports F5 BIG-IP server.

Step 1: Install the Intermediate CA Certificates

All SSL certificates require the installation of an Intermediate CA Certificate

1. You will need to download the Intermediate CA Certificate that matchs the product you purchased.

Secure Site/Managed PKI for SSL Standard Certificates

Secure Site Pro/Managed PKI for SSL Premium Certificates

2. Copy the entire text of the Intermediate CA Certificate from the VeriSign Web site, including the —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—– lines.

3. Paste into a file named intermediate-ca.crt using Vi or Notepad. Do not use Microsoft Word or other word processing programs that may add characters. Do not to include any leading or trailing whitespace before the beginning and ending hyphens.

4. Place the intermediate-ca.crt file in the directory: /config/bigconfig/ssl.crt. The full path to the file is: /config/bigconfig/ssl.crt/intermediate-ca.crt

In a redundant system, the keys and certificates must be in place on both controllers before you configure the SSL Accelerator. You must do this manually; the configuration synchronization utilities do not perform this function.

Step 2: Install the SSL Certificate

VeriSign will email you your certificate. If the certificate is an attachment (Cert.cer), you can use the file. If the certificate is in the body of the email, copy and paste it into a text file (such as OriginalCert.txt) using Vi or Notepad. Do not use Microsoft Word or other word processing programs that may add characters. Confirm that there are no extra lines or spaces in the file.

1. In the navigation pane, click Proxies.

2. On Proxies screen, click the Install SSL Certificate Request tab. The Install SSL Certificate screen opens.

3. In the Certfile Name box, enter the fully qualified domain name of the server with the file extension .crt. If you generated a temporary certificate when you submitted a request to VeriSign, you can select the name of the certificate from the drop down list. This allows you to overwrite the temporary certificate with the certificate from VeriSign.

4. Paste the text of the certificate into the Install SSL Certificate window. Make sure you include the BEGIN CERTIFICATE line and the END CERTIFICATE line.

5. Click Write Certificate File to install the certificate. After the certificate is installed, you can continue with the next step in creating an SSL gateway for the server.

Step 3 Establish the trust chain

The proper Intermediate CA certificate must be set to ensure a complete chain of trust.

Step A: Create the SSL Profile
Step B: Select the proper certificate and CA

1. Open the SSL Profile

2. Within the Configuration, select Advanced

3. Select the appropriate certificate for your website

4. Select the corresponding private key

5. Within Trusted Certificate Authorities, select the Intermediate named “intermediate-ca”

6. Save and Close Properties