Description
Customers that use SSL HTTP service or WAF Proxy (with SSL configured) service and/or has restrictions on sharing the actual Certificate and Private Key with 3rd party vendors.
What is a CSR?A Certificate Signing Request (CSR) is a block of encoded text that is given to a Certificate Authority when applying for an SSL Certificate. It is a certificate file that contains information such as the organization name, common name (domain name), locality, and country. After the CSR is created, Silverline will share the CSR file via the Secure Uploads section of the portal. A certificate authority (CA) will then use the CSR provided to create your SSL certificate. However, as the CA vendor does not need your private key, Silverline will keep your Private Key in a secure location that complies to PCI requirements and is never shared to anyone else. Once the new certificate is signed by the CA vendor, submit the validated certificate file to Silverline and the SOC will create/deploy the brand-new SSL certificate/key pair to the portal. |
Environment
- Silverline WAF
- Silverline DDoS
- Proxy/Proxies
- SSL HTTP/WAF Proxy Service Type
Procedure
Scope of Silverline Support
- F5 Silverline will only receive Certificates or Keys from the Customer . We will never provide these to customers.
- Please upload the files to the Secure Upload section of portal or to the SSL management portion of portal directly.
- Do not ever mail a key to Silverline or support@f5silverline.com
- F5 Silverline will never provide any private key to the Customer.
- F5 Silverline will generate a Certificate Signing Request (CSR) and provide only that file to the Customer. The Key and/or Passphrase will not be shared.
- F5 Silverline will remove/delete any items related to the CSR process (Cert, Key and/or Passphrase) once the SSL certificate has been signed and uploaded to the portal.
Requirements & Steps
To request a CSR:
- Provide the answers in the following table into a text file.
- Upload the text file via the Secure File Repository within the Portal.
|
Data Field |
Example Value |
Notes |
|
Common Name |
www.example.com |
The fully qualified domain name (FQDN) of your server. This must match exactly what you type in your web browser or you will receive a name mismatch error. |
|
Organization |
Example, Inc. |
The legal name of your organization. This should not be abbreviated and should include suffixes such as Inc, Corp, or LLC. |
|
Organizational Unit |
Security Team |
The division of your organization handling the certificate. |
|
City/Locality |
Seattle |
The city where your organization is located. |
|
State/County/Region |
WA |
The state/region where your organization is located. This shouldn't be abbreviated. |
|
Country |
US |
The two-letter ISO code for the country where your organization is located. |
|
Email Address |
it@example.com |
An email address used to contact your organization. |
|
Key Size |
RSA-2048 |
RSA Key size, default is 2048-bit |
Subject Alternative Names
The Subject Alternative Name field lets you specify additional hostnames (sites, IP addresses, common names, etc.) to be protected by a single SSL Certificate.
Please indicate to the SOC, if you want the CSR file to support multiple domains or a wildcard domain like "*.example.com" for example. Also, please indicate the additional domains to be added/included in the CSR file.
Note: Due to security-related reasons, the key file generated, and the CSR file generated aren't stored for a long period of time, a maximum of 48 hours after the notification of the creation of the files. This limited storing time is part of efforts to comply with our internal security standard policy.