Installation Instructions for F5 BIG-IP Load balancer version 9.x and 10.x

Solution ID:    SO16541    Updated:    02/18/2015


To install RapidSSL certificate for Big-IP F5 Version 9.x and 10.x, please follow the steps below. If you are unable to use these instructions for your server, RapidSSL recommends that you contact either the vendor of your software or an organization that supports F5 BIG-IP server.
Step 1. Download the Intermediate CA Certificate
           NOTE:  All SSL certificates require the installation of an Intermediate CA certificate.
    1.    Go to RapidSSL Intermediate CA Certificates page

    2.    Select the Intermediate CA certificate according to your SSL product.

    3.    Copy the entire text of the Intermediate CA Bundle certificate from the Symantec Web site, 
           including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines.

    4.    Paste the file using Vi or Notepad and save it as intermediate_ca.crt using Vi or Notepad. 

           NOTE:  Do not use Microsoft Word or other word processing programs that may add characters. 
           Do not include any leading or trailing whitespace before the beginning and ending hyphens. 

    5.    Save the file to the following location: /config/bigconfig/ssl.crt/intermediate_ca.crt 

           NOTE: In a redundant system, the keys and certificates must be in place on both controllers
           before you configure the SSL Accelerator. You must do this manually as the configuration
           synchronization utilities do not perform this function.

 Step 2. Install the Intermediate CA Certificate

    1.    Log in to the Configuration utility.

    2.    Click Local Traffic.

    3.    Click SSL Certificates.

  4.    Click Import

  5.    Select Certificate from the Import Type menu.

    6.    Click the Create New option.

    7.    Type a unique name for the Certificate Name.

    8.    Click Browse and navigate to the file you saved as intermediate_ca.crt.

    9.    Click Open.

  10.    Click Import.  


Step 3. Obtain the SSL Certificate

    1.    The RapidSSL certificate will be sent by email.

    2.    Copy the certificate imbedded in the body of the email and paste it into a text file using Vi or Notepad.

            The text file should look like:

            -----BEGIN CERTIFICATE-----

                       [encoded data]

            -----END CERTIFICATE-----

    3.    Make sure there are 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and
           that no white spaces, extra line breaks or additional characters have been inadvertently added.

           NOTE: The certificate can be also downloaded from the RapidSSL User Portal by
           following the steps from this link: SO16222

           Please select X.509 as a certificate format and copy only the End Entity Certificate.
    4.    Save the file with extension .crt

Step 4. Install the SSL Certificate 

    1.    In the navigation pane, click Proxies.

    2.    On Proxies screen, click the Install SSL Certificate Request tab. 
           The Install SSL Certificate screen opens.

    3.    In the Certfile Name box, enter the fully qualified domain name of the server with
           the file extension .crt. If you generated a temporary certificate when you submitted
           a request to RapidSSL, you can select the name of the certificate from the drop down
           list. This allows you to overwrite the temporary certificate with the new one.
    4.    Paste the text of the certificate into the Install SSL Certificate window. 

    5.    Click Write Certificate File to install the certificate. After the certificate is installed, 
           you can continue with the next step in creating an SSL gateway for the server.

Step 5. Establish the Trust Chain          

           NOTE: The proper Intermediate CA certificate must be set to ensure a complete chain of trust.

    1.    Log in to the Configuration utility. 

    2.    Click Local Traffic.

    3.    Click Profiles.

    4.    Select Server from the SSL menu.

    5.    Select the Server SSL profile to configure.

    6.    Select Advanced from the Configuration menu.

    7.    Select the appropriate chain certificate from the Chain dropdown box.

    8.    Click Update.
           NOTE: Please refer to the screenshot of the F5 Big-IP interface


     9.    To verify if your certificate is installed correctly, use the RapidSSL Installation Checker

F5 Support

            For additional information refer to F5's KB solution: SOL6401


RapidSSL has made efforts to ensure the accuracy and completeness of the information in this document. However, RapidSSL makes no warranties of any kind (whether express, implied or statutory) with respect to the information contained herein. RapidSSL assumes no liability to any party for any loss or damage (whether direct or indirect) caused by any errors, omissions, or statements of any kind contained in this document.  Further, RapidSSL assumes no liability arising from the application or use of the product or service described herein and specifically disclaims any representation that the products or services described herein do not infringe upon any existing or future intellectual property rights. Nothing herein grants the reader any license to make, use, or sell equipment or products constructed in accordance with this document. Finally, all rights and privileges related to any intellectual property right described herein are vested in the patent, trademark, or service mark owner, and no other person may exercise such rights without express permission, authority, or license secured from the patent, trademark, or service mark owner. RapidSSL reserves the right to make changes to any information herein without further notice.

Contact Support

US Support:

Order Processing

Technical Support

European Support:

Order Processing

Technical Support

SSL digital certificates sales live chat.

Knowledge Center

Search Tips