Installing SSL certificates on the F5 BigIP in bulk

Today while planning the migration from CSS I had to setup an F5 box with literally hundreds of SSL certificates. Being the lazy guy I simply refused to import them one by one. It would be tedious, boring job and prone to the errors. It turns out that you can import almost any amount of certificates in relatively simple way.

  • On your local machine, create a directory with all the certificates (and keys if you want) and run the command
tar -czvf my_cert_package.tgz *
  • This creates a compressed archive with the specified filename
  • Log onto the F5 and goto Local Traffic -> SSL Certificates -> Import
  • Select archive (my_cert_package.tgz), and upload the file
  • This will take you to a follow up screen where you can choose which certs to import

Now it’s up to you to create all the SSL profiles to use the certificates. The GUI can be a bit laborious for bulk tasks like that, so check out the TMSH guide to see how you can do it via the command line.