Importing an SSL certificate into F5 is very easy. You need both a .crt and a .key file to complete this task. These can be extracted from the .pfx file received from your SSL certificate provider.

Note: the version of BIG-IP I am demonstrating on is 10.2.0. For version 11.3.0, the menu is a bit different. See end of post for detail.

Steps:
– Log into your F5 machine → click on “Local Traffic” \ “SSL Certificates” \ “Import”
– Click the drop-down → select Key
– Select “Create New” → enter the name of the certificate → select “Paste text” and paste the key’s content
– Go back to “Local Traffic” \ “SSL Certificates” → locate the new key created → click on it → you will notice the Certificate Subject(s) line is reporting No certificate
– Next click on Import → select “Paste text” and paste the .

I will be covering the final piece of the AD CS configuration: configuring the CA Online Responder. This will include configuring Certificate Autoenrollment using group policy, adding the Revocation Configuration to the OCSP Responder, and verifying the AD CS setup.

Setup Guide:
1. Configure Certificate Autoenrollment using group policy
– Log onto the domain controller -> click Start -> Administrative Tools -> click Group Policy Management
– Expand the Group Policy Objects in the forest\domain containing the Default Domain Policy Group Policy object (GPO) -> right-click the Default Domain Policy GPO -> click Edit

For the Certificate Authority to support the Online Responder service, we need to add the location of the Online Responder to the authority information access extension of issued certificates and enable the certificate templates.

Requirement: IIS service is required. You will be prompted to install IIS during setup.

Setup Guide:
1. Install Online Response Service
– Click Start - Administrative Tools - click Server Manager
– Expand Roles - right-click Active Directory Certificate Services - click Add role services
– On the Select Role Services page - select the Online Responder check box - you are prompted to install IIS and Windows Activation Service - click Add Required Role Services - click Next
– Click Next on Web Server IIS - on Select Role Services - click Next
– On the Confirm Installation Selections page - click Install
– When the installation is complete - review the status page to verify that the installation was successful - click Close

Note: During the setup process, a virtual directory named OCSP is created in IIS, and the ISAPI extension used as the Web proxy is registered.

In this post I will go through the steps required to install and configure Active Directory Certificate Services (AD CS) on Windows Server 2008 R2. I will also be looking at other AD CS components in later posts. Below is a brief overview of these components:

CA Web Enrollment: Web enrollment allows users to connect to a CA by means of a Web browser in order to request certificates and review certificate requests; retrieve certificate revocation lists (CRLs); and perform smart card certificate enrollment.