How to Generate a CSR for F5 BIG-IP

You will need to create a key pair for your server to generate a CSR. These two items are a digital certificate key pair and must not be separated. Losing your public/private key file or password will result in you havinf to generate a new one, causing your SSL Certificate to no longer match. You will have to order a new SSL Certificate and which may result in a charge.

Follow the following steps to create a new certificate request using the Configuration utility:

  1. To connect to the Configuration Utility: Enter the administrative IP address of the BIG-IP device in the browser: https://

  2. Click Yes when the Security Alert dialog box appears.

  3. When the authentication dialog box appears, enter user name and password and click OK.

  4. The Welcome screen opens.

  5. In the navigation pane, click Proxies > Create SSL Certificate Request tab.

  6. Select a key length (2048) and a key file name in the Key Information section.

  7. Enter the following information in the Certificate Information section:

    a. Country Name: Use the two-letter code without punctuation for country, for example: US

    b. State or Province: Spell out the state completely; do not abbreviate the state or province name, for example: Ohio

    c. Locality or City: The locality field is the city or town, for example: Atlanta

    d. Company: If your company or department have an &, @, or any other symbol in its name, you must spell it out or omit the characters to enroll.

    e. Organizational Unit: This field is optional but can be useful in helping identify certificates registered to an organization. The Organizational Unit (OU) field is the name of the department or organization or department unit making the request.

    f. Common name: The Common Name is the Host + Domain name. It looks like "" or ""

    NOTE: SSL certificates can only be used on the Web server using the Common Name specified during enrollment. For example, a certificate for the domain "" will receive a warning if accessing a site named "" or "", because the URLs are different than the original domain name, "".

  8. Click Generate Certificate Request.

  9. Verify your CSR.

  10. Start the process of obtaining a certificate from VeriSign in the SSL Certificate Request screen.

  11. Click on the URL for the SSL certificate product to obtain a certificate for the server.