This document provides CSR generation instructions using F5 BIG IP 9.x or 10.x GUI. If you are not able to perform the steps on your server, Symantec recommends to contact the server vendor or the organization, which supports F5.
NOTE: To generate a CSR, you will need to create a key pair for your server. These two items are a digital certificate key pair and cannot be separated. If you lose your public/private key file or your password and generate a new one, your SSL Certificate will no longer match.
To generate a CSR, perform the following steps:
- Launch the F5 BIG IP Web GUI.
- Under Local Traffic click SSL Certificates.
- Click Create.
- Under General Properties give the certificate a name (this name will be used in the future to identify this certificate).
- Under Certificate Properties enter the following information:
- Issuer: Certificate Authority VeriSign.
- Common name: FQDN (fully-qualified domain name) of the server (e.g., www.domain.com, mail.domain.com, or for wildcard certificate *.domain.com).
- Division: A department name, such as 'Information Technology'.
- Organization: The full legal name of the organization.
- Locality, State or Province, Country: City, state, and country where the organization is located. Do not abbreviate.
- E-mail Address: Your email.
- Challenge Password, Confirm Password: Enter a password.
- Under Key Properties a key size of at least 2048 must be selected.
- Click Finished.
- Provided will be the text of a Certificate Signing Request file.
- Verify your CSR
- Copy and paste the entire body of that file into the enrollment page when prompted.
Once the certificate has been issued, follow the steps from this link to install it on the server: AR165