When loading certificates into a BIG-IP LTM to configure trusted chains, you often need to create a certificate bundle. This bundle is attached to an SSL profile to advertise accepted certificates during an SSL handshake or to provide the full chain of trust to a client machine.
A certificate bundle is simpler than it sounds: it is merely a series of Base64 encoded certificates listed sequentially in a single text file. Follow these steps to create and import yours.
Manual Steps to Create a Bundle:
- Create a text file: Use a plain text editor like Notepad or TextEdit.
- Assemble the Chain: Copy the Base64 encoded text for each certificate in your chain (Server > Intermediate > Root) and paste them into the file one after another.
- Ensure there are no extra spaces between the
-----END CERTIFICATE-----and-----BEGIN CERTIFICATE-----tags.
- Ensure there are no extra spaces between the
- Navigate to Import: On your BIG-IP device, go to:
System > Certificate Management > Traffic Certificate Management > SSL Certificate List > Import. - Set Import Type: Choose Certificate.
- Name the Bundle: Give it a recognizable name (e.g.,
Corp_Chain_Bundle_2026). - Upload or Paste: Either upload the text file you created or select Paste Text and copy the contents directly into the browser box.
- Click Import: The bundle is now ready to be selected in the "Chain" field of your SSL Profile.
Pro Tip: If you are managing many certificates, consider exploring the F5 Bundle Manager for automating updates to CA trust anchors.