Configure the following settings in General form of the Make Request wizard.

Owner

The email address of the person responsible for the certificate – for example, the Web server operator.

Mandatory: Yes

Description

A brief description of the certificate purpose.

Mandatory: No

<custom>

Business-specific Custom Fields defined by your organization.

Mandatory: No

Access Tags

One or several Certificate Access Tags

Certificate Roles with any of these tags will grant permissions on the certificate.

Mandatory: No

Certificate Authority

The certificate authority that issues the certificate. See Authorities for how to register certificate authorities.

Mandatory: Yes

Certificate Profile

The certificate profile the certificate authority applies to issue the certificate. For certificates to be published in Destinations, consider the following profile limitations.

Destination

Limitations

​Apache

Requires a certificate profile with "Web Server" or dual usage (key encipherment and digital signature).

Azure

Does not support issuing certificates from a CSR.

Nginx

​Requires a certificate profile with "Web Server" or dual usage (key encipherment and digital signature).

The selected certificate profile must be configured in CA Gateway for the Certificate Authority. 

Mandatory: Yes

Use a key manager (KMS) to generate the key pair

To generate the certificate key pair with a key manager, check this box and select a key manager from the Key Manager list.

For the key managers described in Creating a F5 BIG-IP key manager, also configure the settings in the table below.

Setting

Value

​Client SSL Profile

A BIG-IP Client SSL profile

Server SSL Profile

A BIG-IP Server SSL profile

See Key Managers for creating key managers and techdocs.f5.com for a reference of the supported BIG-IP Client SSL profiles.