{"id":1123,"date":"2012-01-13T23:01:07","date_gmt":"2012-01-13T16:01:07","guid":{"rendered":"http:\/\/www.jaringankita.com\/blog\/?p=1123"},"modified":"2012-07-13T17:09:58","modified_gmt":"2012-07-13T10:09:58","slug":"how-to-move-ssl-certificate-from-microsoft-iis-f5","status":"publish","type":"post","link":"https:\/\/www.jaringankita.com\/blog\/how-to-move-ssl-certificate-from-microsoft-iis-f5","title":{"rendered":"How to move Verisign SSL certificate from Microsoft IIS Into F5 Big-IP"},"content":{"rendered":"
\n

\"\"<\/a><\/h3>\n

<\/h3>\n

Today I have struggled about how to import SSL Certificate into F5,\u00a0 I have look around from the internet and come with a solution. I will share it to you below. Here are the steps and solution:<\/p>\n

<\/h3>\n

Problem<\/h3>\n
\n

1.How to move certificate from IIS to F5 Big-IP
\n2.Move certificate from IIS to F5 big-IP
\n3.Export certificate
\n4.Import certificate<\/p>\n<\/div>\n<\/div>\n

\n

My Resolution:<\/h3>\n
\n

To move an SSL certificate from a Microsoft IIS 5.0 \/ 6.0 to F5 Big-IP server, perform the following steps:<\/p>\n

Step 1: Create a Microsoft Management Console (MMC) Snap-in for managing certificates<\/strong><\/span><\/p>\n

Create a Microsoft Management Console (MMC) Snap-in for managing certificates, as described in solution SO6127<\/a>.<\/p>\n

 <\/p>\n

Step 2: Export SSL certificate from Microsoft IIS 5.0 \/ 6.0<\/strong><\/span><\/p>\n

1.\u00a0 Open the Certificates (Local Computer) snap-in you added, and select Personal <\/strong>> Certificates<\/strong>
\n2.\u00a0 The Subject field of the certificate lists the Common Name (CN). (Click Tools<\/strong> > Internet Options <\/strong>> Content to view the Common Name if you are not sure)
\n3.\u00a0 Right-click on the desired certificate and select All Tasks<\/strong> > Export<\/strong>. The Certificate Export Wizard opens
\n4.\u00a0 Select Yes<\/strong>, export the private key
\n5.\u00a0 Click Next<\/strong>
\n6.\u00a0 In the Export File Format <\/strong>window, ensure the option for Personal Information Exchange\u00a0 – PKCS#12 (.pfx) <\/strong>is selected
\n7.\u00a0 Select Include all certificates in the certificate path if possible <\/strong>and then click Next<\/strong>. (If you do not select the Include all certificates in the certificate path if possible option, your server may not recognize the issuer of the certificate, which may result in security warnings for your clients.
\n8.\u00a0 De-select Require Strong Encryption<\/strong>. (This may cause a password prompt every time an application attempts to access the private key or it may cause IIS to fail).
\n9.\u00a0 Click Next<\/strong>
\n10.\u00a0 Enter and confirm a password to protect the PFX file and click Next<\/strong>
\n11.\u00a0 Choose a file name and location for the export file (do not include an extension in your file name; the wizard automatically adds the PFX extension for you)
\n12.\u00a0 Click Next<\/strong>
\n13.\u00a0 Read the summary and verify that the information is correct. Pay special attention to where you saved the file. Ensure that the information is correct
\n14.\u00a0 Click Finish<\/strong><\/p>\n

 <\/p>\n

Step 3: Convert PFX file to compatible files for F5 Big-IP<\/strong><\/span><\/p>\n

1. Move the .pfx file to the F5 Big-IP server
\n2. To extract the private key, run the OpenSSL command:\u00a0 openssl pkcs12 -in <filename>.pfx\u00a0 -nocerts -out key.pem<\/strong>
\n3. To extract the certificate (public key), run the OpenSSL command:\u00a0 openssl pkcs12 -in <filename>.pfx -clcerts -nokeys -out cert.pem<\/strong><\/p>\n

 <\/p>\n

Step 4: Install CA Certificate<\/strong><\/span><\/p>\n

Secure Site<\/strong>
\nIf you are installing a Secure Site Certificate, you need to first install the Secure Site Intermediate CA Certificate<\/a>.<\/p>\n

Secure Site Pro<\/strong>
\nIf you are installing a Secure Site Pro Certificate, you need to first install the Secure Site Pro Intermediate CA Certificate<\/a>.<\/p>\n

1. Copy the entire text of the Intermediate CA Certificate from the VeriSign Web site, including the<\/p>\n

—–BEGIN CERTIFICATE—– and —–END CERTIFICATE—– lines.<\/p>\n

2. Paste<\/strong> into a file named intermediate-ca.crt<\/strong> using Vi or Notepad. Do not use Microsoft Word or other word processing programs that may add characters.\u00a0 Do not to include any leading or trailing whitespace before the beginning and ending hyphens.
\n3. Place the intermediate-ca.crt file in the directory:\u00a0 \/config\/bigconfig\/ssl.crt<\/strong>
\n4. The full path to the file is:\u00a0 \/config\/bigconfig\/ssl.crt\/intermediate-ca.crt<\/strong><\/p>\n

In a redundant system, the keys and certificates must be in place on both controllers before you configure the SSL Accelerator. You must do this manually; the configuration synchronization utilities do not perform this function.<\/p>\n

 <\/p>\n

Step 5: Install SSL certificate for F5 Big-IP<\/strong><\/span><\/p>\n

Note:<\/strong> The private key & public key file that was extracted as a .pfx file (performed on Step 3<\/strong>) including the VeriSign Intermediate CA will be place on F5 Bip-IP server. On the F5 Big-IP, create an SSL proxy (or edit an existing one) and configure it to use the certificate and key files.<\/p>\n<\/div>\n<\/div>\n

 <\/p>\n","protected":false},"excerpt":{"rendered":"

Today I have struggled about how to import SSL Certificate into F5,\u00a0 I have look around from the internet and come with a solution. I will share it to you below. Here are the steps and solution:<\/p>\n","protected":false},"author":6,"featured_media":226,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,29],"tags":[783,1075,722],"class_list":["post-1123","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-f5","category-information-security","tag-certificate","tag-f5","tag-ssl"],"_links":{"self":[{"href":"https:\/\/www.jaringankita.com\/blog\/wp-json\/wp\/v2\/posts\/1123","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.jaringankita.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.jaringankita.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.jaringankita.com\/blog\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.jaringankita.com\/blog\/wp-json\/wp\/v2\/comments?post=1123"}],"version-history":[{"count":16,"href":"https:\/\/www.jaringankita.com\/blog\/wp-json\/wp\/v2\/posts\/1123\/revisions"}],"predecessor-version":[{"id":1405,"href":"https:\/\/www.jaringankita.com\/blog\/wp-json\/wp\/v2\/posts\/1123\/revisions\/1405"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.jaringankita.com\/blog\/wp-json\/wp\/v2\/media\/226"}],"wp:attachment":[{"href":"https:\/\/www.jaringankita.com\/blog\/wp-json\/wp\/v2\/media?parent=1123"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.jaringankita.com\/blog\/wp-json\/wp\/v2\/categories?post=1123"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.jaringankita.com\/blog\/wp-json\/wp\/v2\/tags?post=1123"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}