Configure the following settings in the General form of the Renewal wizard.

Owner

The email address of the person responsible for the certificate – for example, the Web server operator.

Description

A brief description of the certificate purpose.

<custom>

Business-specific Custom Fields defined by your organization.

Access Tags

One or several Certificate Access Tags

Certificate Roles with any of these tags will grant permissions on the certificate.

Certificate Authority

The certificate authority that issues the certificate. See Authorities for how to register certificate authorities.

Certificate Profile

The certificate profile the certificate authority applies to issue the certificate. For certificates to be published in Destinations, consider the following profile limitations.

Destination

Limitations

​Apache

Requires a certificate profile with "Web Server" or dual usage (key encipherment and digital signature).

Azure

Does not support issuing certificates from a CSR.

Nginx

​Requires a certificate profile with "Web Server" or dual usage (key encipherment and digital signature).

The selected certificate profile must be configured in CA Gateway for the Certificate Authority. 

Use a key manager (KMS) to generate the key pair

To generate the certificate key pair with a key manager, check this box and select a key manager from the Key Manager list.

For the key managers described in Creating a F5 BIG-IP key manager, also configure the settings in the table below.

Setting

Value

​Client SSL Profile

A BIG-IP Client SSL profile

Server SSL Profile

A BIG-IP Server SSL profile

See Key Managers for creating key managers and techdocs.f5.com for a reference of the supported BIG-IP Client SSL profiles.