Create a RSA key file
Create a Certificate Request (CSR)
Generate Certificate form Microsoft CA or External CA
Install certificate and Chaining
Create RSA key file
The first step to create CSR is to create key file which will be used for encryption and decryption. In another way of saying this is very critical to secure your data passing over SSL.
Traffic management – SSL – SSL Files – Select Keys – Create RSA Key.
Provide information as shown below.
KeyFileName: SSLAB_COM_Wildcard.key
Key size: 2048
Public Exponent value : F4
Key format: PEM
PEM algorithm: DES3
PEM Passphrase and confirm : password for key file <very important to remember>
Create Certificate request (CSR)
Request file Name: SSLAB_COM_wildcard.csr
Key file Name: SSLAB_COM_wildcard.key ( created in the previous step)
Key format: PEM
PEM Passphrase: password is given for key file in the last step
Digest Method: SHA256
Common Name: *.sslab.com
Organization: SSLAB
Department: IT
Select state and country
Create
Select the CSR and download, open with text editor.
Generate Certificate form Microsoft CA or External CA
Open the CSR With text editor or notepad, copy the complete contents without any spaces in the last.
Send this information to external CA like GoDaddy or DigiCert. For Microsoft certificate authority steps are below.
select request certificate
Select advanced.
Copy the CSR contents as shown below , select type WEB SERVER then submit.
Select Base 64 encoded and download certificate, rename this certificate to wildcard.cer or so
Install certificate and Chaining
To install certificate go to Traffic management – SSL – Certificate – Server certificate – Click Install
Provide a decent name for the certificate, this will be the name visible in GUI.
Choose the certificate file received from MS CA or external CA – Select the key file created in step 1 – provide password given in step 1 – Install
Download and install all ROOT and intermediate certificates. they should be installed under SSL – Certificates – CA certificates. Just installation is enough no key file or password is required as they are CA certificates not our server certificate.
Then select our wild card certificate and Click on link.
It should provide the ROOT CA or relevent intermediate certificate which is already installed – Click OK.
Now the wild card certificate is installed as shown below.
Hope this post is helpful.