How to install Thawte Certificate on Big IP F5 9.x & 10.x

Solution ID:    SO14844    Updated:    05/09/2016


Install Thawte Certificate on Big IP F5 9.x and 10.x


To install your Thawte Certificate on Big IP F5 9.x follow the instructions below:

This document provides instructions for installing Thawte Certificates. If you are unable to use these instructions for your server, Thawte recommends that you contact either the vendor of your software or an organization that supports Big IP F5 9.x.

Step 1: Obtain the Thawte Intermediate CA certificate

  1. Download the Thawte Intermediate CA from the following solution: INFO1384
  2. Copy and paste the Thawte Intermediate CA into a text file and then save the file "intermediate.crt".

Place the intermediate.crt file in the directory: /config/bigconfig/ssl.crt. The full path to the file is: /config/bigconfig/ssl.crt/intermediate.crt

In a redundant system, the keys and certificates must be in place on both controllers before you configure the SSL Accelerator. You must do this manually; the configuration synchronization utilities do not perform this function.

Step 2: Install the Thawte SSL123 Certificate

  1. Download your certificate as per the instruction on the following solution: SO13187
  2. Note: Be sure to use Vi or Notepad as word processing programs like Microsoft Notepad may add additional characters that may render the certificate unusable.
  3. In the navigation pane, click Proxies.
  4. On Proxies screen, click the Install SSL Certificate Request tab. The Install SSL Certificate screen opens.
  5.  In the Certfile Name box, enter the fully qualified domain name of the server with the file extension .crt. If you generated a temporary certificate when you submitted a request to Thawte, you can select the name of the certificate from the drop down list. This allows you to overwrite the temporary certificate with the certificate from Thawte.
  6. Paste the text of the certificate into the install SSL Certificate window. Make sure you include the BEGIN CERTIFICATE line and the END CERTIFICATE line.
  7. Click Write Certificate File to install the certificate. After the certificate is installed, you can continue with the next step in creating an SSL gateway for the server.

Step 3: Establish the trust chain:  The proper Intermediate CA certificate must be set to ensure a complete chain of trust. 

  1. Create the SSL Profile
  2. Select the proper certificate and CA
  3. Open the SSL Profile
  4. Within the Configuration, select Advanced
  5. Select the appropriate certificate for your website
  6. Select the corresponding private key
  7. Within Trusted Certificate Authorities or Chain, select the  Intermediate  named "EV_intermediate"
  8. Save and Close Properties

NOTE: Please refer to the screenshot of the F5 Big-IP interface

For additional information, please refer to F5's knowledge base solution: SOL6401 - Configuring the BIG-IP to use an SSL chain certificate


Step 4: Test the certificate installation:

To verify if your certificate is installed correctly, use the Thawte Installation Checker



Legacy ID



Thawte has made efforts to ensure the accuracy and completeness of the information in this document. However, Thawte makes no warranties of any kind (whether express, implied or statutory) with respect to the information contained herein. Thawte assumes no liability to any party for any loss or damage (whether direct or indirect) caused by any errors, omissions, or statements of any kind contained in this document. Further, Thawte assumes no liability arising from the application or use of the product or service described herein and specifically disclaims any representation that the products or services described herein do not infringe upon any existing or future intellectual property rights. Nothing herein grants the reader any license to make, use, or sell equipment or products constructed in accordance with this document. Finally, all rights and privileges related to any intellectual property right described herein are vested in the patent, trademark, or service mark owner, and no other person may exercise such rights without express permission, authority, or license secured from the patent, trademark, or service mark owner. Thawte reserves the right to make changes to any information herein without further notice.  

Find Answers

Search Tips