DigiCert® Trust Lifecycle Manager uses an on-premises sensor component to enable secure connectivity and management of F5 BIG-IP LTM appliances on your network.
The F5 integration architecture consists of the following components:
DigiCert® Trust Lifecycle Manager: The centralized management component where you configure the integration and subsequently monitor and manage certificates on the connected F5 appliances.
DigiCert® sensor: The on-premises component that acts as intermediary and handles communications and job processing for the integration. You install the sensor onto a dedicated host on your network that can connect outbound to both Trust Lifecycle Manager and the F5 appliances.
F5 BIG-IP LTM(s): The target F5 appliances that you connect to and manage from Trust Lifecycle Manager.
The sensor uses a pull communication model to synchronize with Trust Lifecycle Manager over outbound port 443 (HTTPS). It does not require any inbound access.
The sensor uses the iControl REST API and Advanced Shell to connect and manage each F5 BIG-IP LTM.
A single sensor can connect to multiple F5 appliances in either standalone or high availability (HA) mode.
You can use multiple sensors to enable failover access. If there's an issue with the primary sensor, Trust Lifecycle Manager will automatically fail over and use the other sensor(s) to re-establish connectivity with the F5 appliances.
Trust Lifecycle Manager supports integration with F5 BIG-IP LTM appliance versions 12.1.0 or greater. DigiCert has officially tested the following F5 appliance versions.
Appliance type | Versions1 |
|---|---|
F5 BIG-IP LTM | 12.1.0, 13.0.0, 13.1.1, 13.1.5, 14.0.0, 14.1.2, 15.0.0, 15.1.0, 16.1.2, 17.0.2 |
1. Version numbers listed here have been officially tested by DigiCert. Revisions of the same version (for example, F5 BIG-IP LTM 16.1.2.x) have not been officially tested, but are expected to work. | |
The integration with Trust Lifecycle Manager includes support for the following F5 BIG-IP LTM features:
Manage multiple virtual IPs (VIPs).
High availability (HA) configurations, including floating self-IP.
Use multiple Client SSL profiles on a single VIP.
Inherit settings from parent and previous Client SSL profiles.
Optionally store private keys on FIPS and NetHSM modules if available.
Automated propagation of iRules, policies, and client settings (for example, C3D) when rotating certificates.