Updating SSL Certificates to 2048-bit

Today’s Issue:

The 1024-bit SSL Certificates in front of my IIS website have expired, and I need to renew them, but my provider now issues exclusively 2048-bit SSL Certificates.

Where We Are:

Usually, you’d simply hit the Renew button in the Management UI (Local Traffic >> SSL Certificates >> Certificate of Choice), but that only gets me another 1024-bit request.

How We Got Here:

Way back when, I had a helluva time trying to figure out how to get from my IIS-requested SSL certificates to a Certificate & Key that could be consumed by my BigIP.

The good news is, the process for splitting up your PFX into CRT and KEY files is the same as it ever was, but there were a few more steps to get to that point… in short:

  1. Create a new 2048-bit cert request using the IIS MMC on my webserver
  2. Get the response back from my Certificate Issuer & install on my webserver using the IIS MMC (Complete Certificate Request)
  3. Then go through the process outlined previously
  4. Install the cert & key files on F5
  5. Map the WEBSERVER_clientssl_profile on the BigIP (Main > Local Traffic > Profiles > SSL > Client > WEBSERVER_clientssl_profile) to use the new cert & key
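A sketch of steps 3 and 4 as an added example (not the procedure from the earlier post, which is not reproduced here): it splits the PFX with OpenSSL, then confirms the key really is 2048-bit and belongs to the certificate before anything is uploaded to the BigIP. The file names, the PFX_PASS variable and the function names are placeholders.

```shell
#!/bin/sh
# Added example. Assumes the openssl CLI on an admin workstation.
# PFX files exported by older Windows versions may need "-legacy" added
# to the pkcs12 calls when running OpenSSL 3.

# split_pfx PFX PASSIN CRT KEY
# PASSIN is an OpenSSL pass phrase source such as env:PFX_PASS or file:pw.txt,
# which keeps the password out of the process list.
split_pfx() {
    # Leaf certificate only; piping through x509 strips the "Bag Attributes" text.
    openssl pkcs12 -in "$1" -passin "$2" -clcerts -nokeys | openssl x509 -out "$3" || return 1
    # Unencrypted private key, written with owner-only permissions.
    ( umask 077
      openssl pkcs12 -in "$1" -passin "$2" -nocerts -nodes | openssl pkey -out "$4" ) || return 1
}

# key_bits CRT: print the public key size recorded in the certificate.
key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit.*/\1/p'
}

# cert_matches_key CRT KEY: succeed only if both carry the same public key.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    k=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# check_for_bigip CRT KEY: refuse anything under 2048 bits or a mismatched pair.
check_for_bigip() {
    bits=$(key_bits "$1")
    [ "${bits:-0}" -ge 2048 ] || { echo "key is only ${bits:-?} bits" >&2; return 1; }
    cert_matches_key "$1" "$2" || { echo "cert and key do not match" >&2; return 1; }
    echo "OK: ${bits}-bit key, cert and key match"
}

# Usage (placeholder names):
#   export PFX_PASS='...'
#   split_pfx webserver.pfx env:PFX_PASS webserver.crt webserver.key &&
#       check_for_bigip webserver.crt webserver.key
```

The extracted .key file is an unencrypted private key, so delete it from the workstation once it has been imported.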

And we’re done.  Clear your cache, browse to the website, and validate the site Certificate, and you should now see the new certificate.

Hope that helps.


1 Response to “Updating SSL Certificates to 2048-bit”

  1. 1 Era
    January 18, 2012 at 11:50 pm

    Hi, really thanks for this info. Can I ask you about the directory of the SSL certificate?
    After I imported my cert and key via the web GUI, I want to see my key and cert from tmsh.
    I went to /config/ssl/ssl.crt, but I didn’t find the cert that I imported before.
    I use BIG IP LTM&WA v11.
    Need help, if you can share the directory location of the SSL cert.

    Thank you
