Friday, August 20, 2010

Using PFX key/cert on an F5

Well, it's been too long since I've had a post, so I figured I'd better get working. In this one, I go over the topic of bringing a PFX-formatted key and certificate into an F5 Local Traffic Manager (load balancer).

The Quick And Dirty

The F5 LTM won't take a PFX file directly, so you need to convert it to PEM. This is most easily done using OpenSSL. Upload the PFX to a system with OpenSSL (most Linux systems will have this installed). Then run a command like this (it's all one line):

openssl pkcs12 -in filename.pfx -out filename.pem -nodes

Open up the new PEM file and pull out the base64-encoded key and certificate. (Be careful with the key: the -nodes option writes it out unencrypted, so it's not password protected anymore!)

Now log into the F5 and go to Main -> Local Traffic -> SSL Certificates. Click on the Import... button. Select the Import Type as Key, type in the name of the key, and select Paste Text. Now paste in your private key, including the lines -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY-----, and then click the IMPORT button.

You'll be returned to the Certificate List. Click on the name of the key you just created, then click on the Import... button. Select Paste Text and paste in the certificate, including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines. Then click the IMPORT button. If everything was successful, the Certificates list will show Certificate & Key in the Contents column beside your new key name.

You're now ready to use the certificate!
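
The extraction step described above can be scripted instead of done by hand in an editor. The following is an added example, not part of the original post: the function names split_pem and key_matches_cert and the file names site.key and site.crt are assumptions, and it assumes the first certificate in the PEM file is the server certificate, which key_matches_cert then confirms before you paste anything into the F5.

```shell
#!/bin/sh
# Added example, not from the original post. File names are assumptions.
# Typical use after the conversion shown in the post:
#   ( umask 077; openssl pkcs12 -in filename.pfx -out filename.pem -nodes )
#   split_pem filename.pem site.key site.crt
#   key_matches_cert site.key site.crt && echo "key and certificate match"
#   rm -f filename.pem        # do not leave the combined plaintext file around

# split_pem BUNDLE KEY_OUT CERT_OUT
# Copies the private key block to KEY_OUT and the first certificate block to
# CERT_OUT, dropping the "Bag Attributes" text openssl writes between blocks.
# Prints the number of certificates found, so a chain in the PFX is noticed.
split_pem() {
    bundle=$1; key_out=$2; cert_out=$3
    (
        umask 077    # -nodes left the key unencrypted: owner-only output files
        awk -v key="$key_out" -v cert="$cert_out" '
            # Matches "RSA PRIVATE KEY", "EC PRIVATE KEY" and "PRIVATE KEY".
            /^-----BEGIN .*PRIVATE KEY-----/ { out = key }
            /^-----BEGIN CERTIFICATE-----/   { n++; out = (n == 1) ? cert : "" }
            out != ""                        { print > out }
            /^-----END /                     { out = "" }
            END                              { print n + 0 }
        ' "$bundle"
    )
}

# key_matches_cert KEY CERT
# Succeeds only if the certificate's public key is the one derived from the
# private key. Returns 2 if either file cannot be parsed.
key_matches_cert() {
    from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    from_cert=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$from_key" = "$from_cert" ]
}
```

If split_pem prints a number greater than 1, the PFX also carried chain certificates, which this example does not write out.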