What is SSL/TLS?
At its core, Secure Sockets Layer (SSL) is a security technology that ensures the link between a web server and the end users accessing its pages is a highly secure, encrypted communications session. As a result, it guards against man-in-the-middle attacks and other potential exploitation by malicious actors. When you use SSL, you connect to your web pages and resources using the HTTPS protocol instead of HTTP.
That said, SSL is not without flaws: over the years, vulnerabilities have been, and continue to be, discovered in the deprecated SSL protocols (e.g. POODLE, DROWN). A more secure cryptographic protocol was needed, and so Transport Layer Security (TLS) was born.
How to install SSL/TLS Certificate on an F5 Load Balancer Appliance?
In this guide, I will show you how to install an SSL certificate on an F5 Load Balancer. (The process is exactly the same for TLS.)
- Verify all the required files. Download an SSL bundle provided by your SSL Certificate Authority (e.g. DigiCert, GoDaddy)
The SSL bundle zip should contain all the required files and certificates. For example:
DuniaAppCertificate.crt: Signed SSL/TLS certificate
DuniaAppBundle.crt: Certificate chain bundled in a single file
- Import the cert files to F5 to create the F5 SSL Certificate. Log in to the F5 device using Administrator credentials. Go to the Main tab and expand System. Click SSL Certificate, then click import.
- In the Import Type drop-down, select Certificate.
- Create a certificate name (e.g. duniaappsworld-cert).
- In the Certificate Source box, browse to the location of the DuniaAppBundle.crt file. Click import.
- Bind a key to the SSL Certificate. If the key file needs to be updated, go to File Management : SSL Certificate List ›› select the key file that was created. Select import. In the Certificate Source box, browse to the location of the DuniaAppCertificate.crt file. Click import.
- Verify Certificate, Key and Chain of the SSL Profile. The Server Certificate and Key should now appear in the list.
- Go to Local Traffic ›› Profiles : SSL : Client ›› appsworld-ssl-profile
- On Certificate, select your Server Certificate, Key, and Chain that was imported earlier.
- Select update.
- Bind the SSL profile to nodes or pools where your Web server is configured.
- Test whether SSL is updated on the main web page. Test whether the certificate has been updated using the link below:
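
An added example, not part of the original guide: before the import steps, the files from the CA can be checked on the workstation with openssl, so that a mismatched key or a broken chain is caught before it reaches the F5. The function names, the demo file names and the private-key file are assumptions; only DuniaAppCertificate.crt and DuniaAppBundle.crt come from the guide.

```shell
#!/usr/bin/env bash
# Pre-import checks for the CA's files, run on the admin workstation with openssl.
# Assumption: the private key is an unencrypted PEM file (the guide does not name it).

# True when the certificate and the private key carry the same public key.
cert_matches_key() {  # $1 = certificate, $2 = private key
  local c k
  c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$c" ] && [ "$c" = "$k" ]
}

# True when the certificate verifies through the chain bundle.
# Without a root CA file in $3, the system trust store decides.
chain_verifies() {  # $1 = certificate, $2 = chain bundle, $3 = root CA (optional)
  if [ -n "${3:-}" ]; then
    openssl verify -CAfile "$3" -untrusted "$2" "$1"
  else
    openssl verify -untrusted "$2" "$1"
  fi >/dev/null 2>&1
}

# Run every check, report each failure, return non-zero if any check failed.
preimport_check() {  # $1 = certificate, $2 = bundle, $3 = key, $4 = root CA (optional)
  local rc=0
  grep -q 'BEGIN CERTIFICATE' "$2" 2>/dev/null || { echo "FAIL: no PEM certificate in $2"; rc=1; }
  openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1 || { echo "FAIL: $1 expired or unreadable"; rc=1; }
  cert_matches_key "$1" "$3" || { echo "FAIL: $3 is not the key for $1"; rc=1; }
  chain_verifies "$1" "$2" "${4:-}" || { echo "FAIL: $1 does not verify through $2"; rc=1; }
  [ "$rc" -eq 0 ] && echo "OK: certificate, key and chain are consistent"
  return "$rc"
}

# Constructed sample data: a throwaway CA, a leaf it signed, and an unrelated key.
make_demo_files() {  # $1 = output directory
  ( cd "$1" || exit 1
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt -subj "/CN=Demo CA" -days 2 &&
    openssl req -newkey rsa:2048 -nodes -keyout leaf.key -out leaf.csr -subj "/CN=demo.example" &&
    openssl x509 -req -in leaf.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out leaf.crt -days 1 &&
    openssl genrsa -out other.key 2048
  ) >/dev/null 2>&1
}

# With the guide's file names (key and root CA names are placeholders):
#   preimport_check DuniaAppCertificate.crt DuniaAppBundle.crt <private-key-file> [<root-ca-file>]
```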