Big-IP is a product of F5 Networks, an Application Delivery and Networking Company in US, a widely used tool, which ensures that applications are running fast, securely and is reliably available on the network. Big-IP is the world’s most comprehensive application delivery tool.

After applying for an SSL certificate you will receive it via e-mail, which contains 3 certificate files – your primary server certificate, a root certificate identifying the SSL provider, and an intermediate certificate. Once you have downloaded these 3 certificate files you will need to copy them onto your Big-IP controller.

Steps to install SSL Certificates on F5 Big-IP

For F5 Big-IP version 9 or higher:

Step 1: Installing SSL certificate

(1) To get started, run the ‘F5 Big-IP’ load-balancer web GUI

(2) Here, select SSL Certificates under the Local Traffic menu.

(3) Now under General Properties, select the certificate name that you assigned while creating the CSR.

(4) Browse for the certificate file that you received from the certificate authority via Email, or downloaded from your control panel.

(5) Now Click Import and then click Open.

Your SSL certificate is now installed.

SSL certificate Installation on F5 Big IP

Figure 1 : SSL certificate Installation on F5 Big IP

Step 2: Enable Intermediate certificate

(1) Under the menu Local Traffic you need to select SSL certificate, and then click on Import.

(2) Select the certificate again under the Import Type and then click on the option Create New.

(3) Enter a friendly name for your certificate and browse for the intermediate certificate file received via Email

(4) Now, import it by clicking on Open.

Your intermediate SSL Certificate is now Installed.

Import SSL certificate & keys on F5 Big IP

Figure 2 : Import SSL certificate & keys on F5 Big IP

Step 3: Configuration of your server for SSL

(1) Create or open the SSL profile that you will be using with the SSL certificate.

(2) Click on Advanced from the drop-down menu, under the Configuration window.

(3) Now, select the SSL certificate public/private key pair that was installed by you in the beginning.

(4) Under the Chain section, browse for the certificate friendly name that you chose during Step 2 and click on Save and Exit.

With this step, your server is now configured properly, along with a successfully installed and enabled SSL certificate on F5 Big-IP.


For F5 Big-IP version below 9.x:

As discussed in Step 1 above, download your primary, intermediate and root certificate. Here, you only need the primary server certificate and intermediate certificate for the installation process on your F5 Big-IP device.

Perform following steps:

(1) Using FTP (File Transfer Protocol) move your Primary and Intermediate certificates onto your F5 Big-IP device.

(2) Rename your primary certificate with ‘yourdomain.crt’ and copy it into the ‘/config/bigconfig/ssl.crt/’ folder on your F5 Big-IP device. Follow the same process to copy your Intermediate-ca.crt certificate (sometimes also called CA1-Certificate or CA2- Certificate) into the/config/bigconfig/ssl.crt/’ folder on your F5 Big-IP device.

(3) Restart the Proxy by executing following commands:

(i) # bigpipe proxy :443 disable

(ii) # bigpipe proxy :443 enable

With this step, your certificate is successfully installed on your F5 Big-IP device.


Related Posts

Buy SSL Certificate at Cheap Prices

Get maximum discounts of up to 89% on DV, Wildcard, Multi-Domain, OV & EV SSL Certificate at CheapSSLsecurity. Boost up customer trust and secure their confidential information with high level encryption.

Buy Positive SSL at $5.45 Per Year


Welcome to Savvy Security, a blog focused on providing practical cybersecurity advice for website owners and small businesses. Our team brings you the latest news, best practices and tips you can use to protect your business...without a multi-million dollar budget or 24/7 security teams.