How to Generate Certificate Signing Request (CSR) in F5 Big-IP Load Balancer 11


This document provides CSR generation instructions for F5 BIG IP version 11.x. If you are not able to perform these steps on your server, RapidSSL recommends to contact the server vendor or the organization, which supports F5.

NOTE: To generate a CSR, a key pair must be created for the server. These two items are a digital certificate key pair and cannot be separated. If the public/private key file or password is lost or changed before the SSL certificate is installed, the SSL certificate will need to be re-issued. The private key, CSR and certificate must all match in order for the installation to be successful.

NOTE: All certificates that will expire after October 2013 must upgrade to a 2048-bit key size. 

To create a new Certificate Signing Request using the Configuration utility, perform the steps bellow:

1.    Login to the F5-BIG IP console

2.    On the left Panel, click on File Management

3.    Choose SSL Certificate List

4.    Choose New SSL Certificate

5.    Fill the form to generate the CSR:

- Issuer: Certificate Authority RapidSSL.

- Common name: FQDN (fully-qualified domain name) of the server (e.g.,,, or for wildcard certificate *

- Division: A department name, such as 'Information Technology'.

- Organization: The full legal name of the organization.

- Locality, State or Province, Country: City, state, and country where the organization is located. Do not abbreviate.

- E-mail Address: Your email.

- Challenge Password, Confirm Password: Enter a password.

The key size must be 2048 bits for all SSL Certificates.

6.    Click Finished 

7.    Copy the CSR (including the BEGIN and END tags) as seen below:

                   [encoded data]


8.    Proceed with the Enrolment and paste the CSR in the required field.

Contact Information

During the verification process, RapidSSL may need to contact your organization. Be sure to provide an email address, phone number and fax number that will be checked and responded to quickly. These fields are not part of the certificate.

F5 Support

For more information please click here

NOTE: Starting from BIG-IP version 10.1.0 and Enterprise Manager version 1.8.0, the default signing algorithm used is SHA-1 which is recommended as the signing algorithm by RapidSSL.




WarungSSL has made efforts to ensure the accuracy and completeness of the information in this document. However, WarungSSL makes no warranties of any kind (whether express, implied or statutory) with respect to the information contained herein. WarungSSL assumes no liability to any party for any loss or damage (whether direct or indirect) caused by any errors, omissions, or statements of any kind contained in this document.

Further, WarungSSL assumes no liability arising from the application or use of the product or service described herein and specifically disclaims any representation that the products or services described herein do not infringe upon any existing or future intellectual property rights. Nothing herein grants the reader any license to make, use, or sell equipment or products constructed in accordance with this document. Finally, all rights and privileges related to any intellectual property right described herein are vested in the patent, trademark, or service mark owner, and no other person may exercise such rights without express permission, authority, or license secured from the patent, trademark, or service mark owner. Geotrust reserves the right to make changes to any information herein without further notice.


We uses cookies to remember and process the items in your shopping cart as well as to compile aggregate data about site traffic and interactions so that we can continue improving your experience on our site.