Configure the following settings in the General form of the Create wizard.
Owner
The email address of the person responsible for the certificate – for example, the Web server operator.
Mandatory: Yes
Description
A brief description of the certificate purpose.
Mandatory: No
<custom>
Business-specific Custom Fields defined by your organization.
Mandatory: No
Access Tags
One or several Certificate Access Tags.
Certificate Roles with any of these tags will grant permissions on the certificate.
Mandatory: No
Certificate Authority
The certificate authority that issues the certificate. See Authorities for how to register certificate authorities.
Mandatory: Yes
Certificate Profile
The certificate profile the certificate authority applies to issue the certificate. For certificates to be published in Destinations, consider the following profile limitations.
Destination | Limitations |
---|---|
Apache | Requires a certificate profile with "Web Server" or dual usage (key encipherment and digital signature). |
Azure | Does not support issuing certificates from a CSR. |
Nginx | Requires a certificate profile with "Web Server" or dual usage (key encipherment and digital signature). |
The selected certificate profile must be configured in CA Gateway for the Certificate Authority.
Mandatory: Yes
Use a key manager (KMS) to generate the key pair
To generate the certificate key pair with a key manager, check this box and select a key manager from the Key Manager list.
For the key managers described in Creating a F5 BIG-IP key manager, also configure the settings in the table below.
Setting | Value |
---|---|
Client SSL Profile | A BIG-IP Client SSL profile |
Server SSL Profile | A BIG-IP Server SSL profile |
See Key Managers for creating key managers and techdocs.f5.com for a reference of the supported BIG-IP Client SSL profiles.