Add the F5 BIG-IP LTM connector in DigiCert® Trust Lifecycle Manager to integrate with and discover existing assets on the F5 network appliance.
Make sure to verify the prerequisites for the F5 integration. You will need:
An active DigiCert sensor that can manage the integration.
The management IP address and port number for the F5 appliance.
Account credentials for a user on the F5 appliance with the Administrator role.
The F5 user account properties must have the Terminal Access property set to Advanced shell.
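A pre-flight check for the account prerequisites above, added here as an example (it is not DigiCert or F5 code). It evaluates user objects in the shape returned by the F5 iControl REST endpoint `/mgmt/tm/auth/user/<name>`; the mapping of Administrator to role `admin` and of Advanced shell to shell `bash` is an assumption about that API, and the account names and sample data are constructed.

```python
import json

# Constructed sample: user objects shaped like iControl REST output
# (GET /mgmt/tm/auth/user/<name>). All names and values are made up.
SAMPLE_USERS = json.loads("""
[
  {"name": "tlm-svc", "shell": "bash",
   "partitionAccess": [{"name": "all-partitions", "role": "admin"}]},
  {"name": "tlm-ro", "shell": "tmsh",
   "partitionAccess": [{"name": "Common", "role": "guest"}]},
  {"name": "tlm-noshell",
   "partitionAccess": [{"name": "all-partitions", "role": "admin"}]}
]
""")

# Assumed mapping from the GUI labels used on this page to API values.
REQUIRED_ROLE = "admin"   # GUI: Administrator role
REQUIRED_SHELL = "bash"   # GUI: Terminal Access = Advanced shell


def check_connector_account(user: dict) -> list[str]:
    """Return the unmet prerequisites for one account (empty list = ready)."""
    problems = []
    roles = {p.get("role") for p in user.get("partitionAccess", [])}
    if REQUIRED_ROLE not in roles:
        found = ", ".join(sorted(r for r in roles if r)) or "unset"
        problems.append(f"role is {found}, need Administrator")
    # Assumption: a missing "shell" field means no terminal access.
    shell = user.get("shell", "none")
    if shell != REQUIRED_SHELL:
        problems.append(f"Terminal Access is {shell}, need Advanced shell")
    return problems


def audit(users: list[dict]) -> dict[str, list[str]]:
    """Map each account name to its list of unmet prerequisites."""
    return {u["name"]: check_connector_account(u) for u in users}


if __name__ == "__main__":
    for name, problems in audit(SAMPLE_USERS).items():
        print(f"{name}: {'OK' if not problems else '; '.join(problems)}")
```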
To add the F5 BIG-IP LTM connector in Trust Lifecycle Manager:
From the Trust Lifecycle Manager main menu, select Integrations > Connectors.
Select the Add connector button.
In the Appliances section, select the option to add a connector for F5 BIG-IP LTM.
Complete the form as described in the following steps.
Enter a friendly Name for this connector.
Select a Business unit for this connector. Only users assigned to this business unit can manage the connector.
For the Managing sensor, select an active DigiCert sensor to use to manage this connector.
To enable fault-tolerant connectivity, you can select multiple sensors here. If one of the sensors fails, Trust Lifecycle Manager will automatically fail over and use one of the other sensors.
Enter the Management IP address and Management Port number for the F5 appliance.
For high availability (HA) configurations, enter either the floating IP or the management IP of one of the load balancers. Trust Lifecycle Manager will automatically detect the HA peer configuration.
Enter a Username and Password for a user account on the F5 that has the Administrator role and the Terminal Access property set to Advanced shell under account properties.
Under Additional settings, select options for how Trust Lifecycle Manager should install certificates and keys on the F5 appliance:
Private key storage location: Select an option for where to store private keys when installing certificates on the F5 appliance:
F5 Big-IP filesystem: Store key files in the standard storage location on the built-in F5 drive. This is the default option and does not require additional F5 hardware modules.
FIPS module: Store key files in a Federal Information Processing Standards (FIPS) hardware security module (HSM) on the F5. This option ensures compliance with U.S. government security requirements.
NetHSM: Store private key files in a network hardware security module (NetHSM) on the F5. This option enables centralized management of cryptographic keys across multiple devices.
Update existing Client SSL profile for new certificates: Enable this option to update the existing Client SSL profile instead of creating a new Client SSL profile (derived from the existing one) each time a new certificate is installed.
Always save intermediate CA certificate files: Enable this option to always save a fresh copy of the CA certificates when installing a new end-entity certificate, even if those CA certificates are already present on the F5.
Use custom filename format: Enable this option to specify a custom filename format (not including the file extension) to use when adding certificate, key, and profile files to the F5. The default filename format is {{commonname}}_{{DDMMYYYY}}_{{randomstring}}, where:
{{commonname}}: Common name of the applicable certificate.
{{DDMMYYYY}}: File creation date in DDMMYYYY format.
{{randomstring}}: A random string to help uniquely identify the certificate.
You can customize the filename format in the following ways:
Filename prefix: Add a standard prefix to all files installed to the F5 by Trust Lifecycle Manager.
Date format: Select a file creation date format other than DDMMYYYY.
Recover Previous Settings: Enable this option if you had a previous connector to the same F5 BIG-IP LTM appliance and want to recover the certificate auto-renewal and lifecycle event settings from it. If enabled, Trust Lifecycle Manager obtains the automation schedule from the most recent deleted connector for this same F5 appliance and applies any scheduled auto-renewal or automation events to the matching certificates on the new connector. This setting only gets applied once, when you first add the new F5 connector.
Select the Add button at the bottom to create the connector with the configured settings.
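The default filename format described above, rendered and parsed back, as an added example (not DigiCert code) for auditing which objects on an appliance follow that pattern. It assumes the default format with no custom prefix and a random string that contains no underscore; the hostnames and random strings are constructed.

```python
from datetime import date, datetime
from typing import Optional, Tuple


def render_default_name(common_name: str, created: date, random_string: str) -> str:
    """Build {{commonname}}_{{DDMMYYYY}}_{{randomstring}} (no file extension)."""
    return f"{common_name}_{created.strftime('%d%m%Y')}_{random_string}"


def parse_default_name(stem: str) -> Optional[Tuple[str, date, str]]:
    """Split a filename stem into (common name, creation date, random string).

    Splits from the right so a common name that itself contains
    underscores is kept whole. Returns None when the stem does not
    follow the default format or the date is not a real calendar date.
    """
    parts = stem.rsplit("_", 2)
    if len(parts) != 3 or not all(parts):
        return None
    common_name, ddmmyyyy, random_string = parts
    if len(ddmmyyyy) != 8 or not ddmmyyyy.isdigit():
        return None
    try:
        created = datetime.strptime(ddmmyyyy, "%d%m%Y").date()
    except ValueError:  # e.g. 31022024 is not a valid date
        return None
    return common_name, created, random_string


# Constructed sample stems, as they might appear in an object listing.
SAMPLE_STEMS = [
    "www.example.com_05032024_a1b2c3",
    "api_gw.example.com_31122023_x9y8z7",
    "legacy-cert_2024",
    "shop.example.com_31022024_abc",
]

if __name__ == "__main__":
    for stem in SAMPLE_STEMS:
        print(stem, "->", parse_default_name(stem) or "not default format")
```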
After adding the connector, Trust Lifecycle Manager discovers details about the F5 appliance including the version, partitions, virtual IPs (VIPs), and existing certificates on it.
To see the F5 appliance details in Trust Lifecycle Manager:
From the Trust Lifecycle Manager main menu, select Integrations > Connectors.
Locate the F5 connector in the table and select the connector Name to load the details for it.
Tip
To only list F5 connectors in the table, open the filter next to the Provider column header and select F5 BIG-IP LTM.
The connector details page has the following sections:
Top summary: Basic status and properties for the F5 connector.
Assets found on this connector: Number of certificates and endpoints Trust Lifecycle Manager discovered on the F5 appliance.
Details: Information about the connected F5 appliance including the version, management IP/port, partitions, and more.
Trust Lifecycle Manager adds the discovered certificates and virtual IPs from the F5 appliance to your Inventory so you can view and manage them all.