X.509 Certificates

 


Overview

X.509 is the most widely used standard for creating digital certificates.

Authentication relies on each user possessing a unique distinguished name (DN), assigned by a Naming Authority (NA) and accepted by a Certification Authority (CA) as unique within the CA's domain. The same user can have different DNs under different CAs.

Secure Sockets Layer (SSL) provides encryption and certification functions in a TCP/IP environment. You can use the open-source package OpenSSL to generate X.509 certificates.

 

SSL Accelerator Cards

SSL Accelerator Cards on BIG-IP systems require X.509 certificates. To generate an X.509 certificate:

  1. Generate an RSA key. The -des3 option encrypts the private key, so you will be prompted for a passphrase, which you must then enter each time you start your web server. If you lose or forget the passphrase, purchase another certificate. Here is an example:

    openssl genrsa -des3 -out www.yourdomain.com.key 1024

    or, to seed the random number generator from the EGD socket /var/run/egd-pool:

    openssl genrsa -des3 -rand /var/run/egd-pool -out www.yourdomain.com.key 1024

  2. Create a certificate signing request (CSR) with the RSA private key (the output will be in PEM format). You will be prompted for your passphrase.

    openssl req -new -key www.yourdomain.com.key -out www.yourdomain.com.csr
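
A check for the key and CSR produced by steps 1 and 2, as an added example that is not part of the original page: it confirms that the key decrypts, that the CSR's self-signature verifies, that the CSR was built from that key, and that the modulus meets a minimum size. The 2048-bit default floor, the KEYPASS environment variable, the function names and the sample subject are assumptions of this example; with that floor, a 1024-bit key such as the one generated above is reported as too small.

```shell
#!/bin/sh
# Added example, not from the original page. The passphrase is read from the
# KEYPASS environment variable (an assumption) so it stays off the command line.

# key_bits KEY PASSIN -> RSA modulus size in bits (empty if the key is unreadable)
key_bits() {
    openssl rsa -in "$1" -passin "$2" -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# csr_signature_ok CSR -> true if the CSR's self-signature verifies
csr_signature_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# csr_matches_key KEY CSR PASSIN -> true if both carry the same RSA modulus
csr_matches_key() {
    k=$(openssl rsa -in "$1" -passin "$3" -noout -modulus 2>/dev/null)
    c=$(openssl req -in "$2" -noout -modulus 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# check_pair KEY CSR PASSIN [MIN_BITS]: returns 0, or 2-5 for the failed check
check_pair() {
    min=${4:-2048}   # assumed floor; CA/Browser Forum baseline is RSA >= 2048
    bits=$(key_bits "$1" "$3")
    [ -n "$bits" ] || { echo "cannot read key (wrong passphrase?)"; return 2; }
    csr_signature_ok "$2" || { echo "CSR self-signature does not verify"; return 3; }
    csr_matches_key "$1" "$2" "$3" || { echo "CSR was not made from this key"; return 4; }
    [ "$bits" -ge "$min" ] || { echo "key is $bits bits, floor is $min"; return 5; }
    echo "ok: $bits-bit key matches CSR"
}

# make_sample BITS PREFIX: constructed sample pair, generated non-interactively
make_sample() {
    openssl genrsa -aes256 -passout env:KEYPASS -out "$2.key" "$1" 2>/dev/null &&
    openssl req -new -key "$2.key" -passin env:KEYPASS \
        -subj "/CN=www.example.test" -out "$2.csr" 2>/dev/null
}

# Usage: KEYPASS=... sh check.sh www.yourdomain.com.key www.yourdomain.com.csr env:KEYPASS
if [ "$#" -ge 3 ]; then check_pair "$@"; fi
```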


 
