X.509 Certificates
Overview
X.509 is the most widely used standard for creating digital certificates.
Authentication relies on each user possessing a unique distinguished name (DN), denoted by a Naming Authority (NA) and accepted by a Certification Authority (CA) as unique within the CA's domain. The same user can have different DNs in different CAs.
Secure Sockets Layer (SSL) provides encryption and certification functionality in a TCP/IP environment. You can use the open-source package OpenSSL to generate X.509 certificates.
SSL Accelerator Cards
SSL Accelerator Cards on BIG-IP systems require X.509 certificates. To generate an X.509 certificate:
- Generate an RSA key. You will be prompted for a passphrase to use when starting your webserver. If you lose or forget the passphrase, purchase another certificate. Here is an example:
openssl genrsa -des3 -out www.yourdomain.com.key 1024
or
openssl genrsa -des3 -rand /var/run/egd-pool -out www.yourdomain.com.key 1024
- Create a CSR with the RSA private key (output will be PEM format). You will be prompted for your passphrase.
openssl req -new -key www.yourdomain.com.key -out www.yourdomain.com.csr
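
Before the CSR goes to a CA, it is worth confirming that it was really built from the key you intend to deploy, that its self-signature verifies, and that the key length meets your policy. The script below is an added example, not part of the original page or of any F5 or OpenSSL tooling. The function name `check_csr`, the `MIN_BITS` variable and its 2048-bit default are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page): sanity-check a key/CSR pair
# before the CSR is sent to a CA.
# check_csr KEY CSR PASS_SOURCE, where PASS_SOURCE is an OpenSSL pass phrase
# argument such as env:KEYPASS or file:/path (pass:... shows up in `ps`).
# MIN_BITS is this example's own policy knob; 2048 is an assumed default.
# Returns: 0 ok, 1 CSR does not match key, 2 key/CSR unreadable,
#          3 CSR self-signature invalid, 4 key shorter than MIN_BITS.
check_csr() {
    key=$1 csr=$2 pass=$3
    min_bits=${MIN_BITS:-2048}

    # Modulus of the private key; fails on a wrong passphrase or damaged file.
    kmod=$(openssl rsa -in "$key" -passin "$pass" -noout -modulus 2>/dev/null) || return 2
    # Modulus of the public key embedded in the CSR.
    cmod=$(openssl req -in "$csr" -noout -modulus 2>/dev/null) || return 2
    kmod=${kmod#Modulus=}
    cmod=${cmod#Modulus=}
    [ -n "$kmod" ] && [ -n "$cmod" ] || return 2

    # The CSR must carry the public half of this exact key.
    if [ "$kmod" != "$cmod" ]; then
        echo "MISMATCH: $csr was not created from $key" >&2
        return 1
    fi

    # The CSR is signed with the private key (proof of possession).
    # Match on the message text: some OpenSSL releases exit 0 even on failure.
    if ! openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK'; then
        echo "BAD SIGNATURE: $csr fails self-signature verification" >&2
        return 3
    fi

    # The modulus is printed as hex without leading zeros: 4 bits per digit.
    bits=$(( ${#kmod} * 4 ))
    if [ "$bits" -lt "$min_bits" ]; then
        echo "WEAK KEY: $bits-bit RSA modulus, policy minimum is $min_bits" >&2
        return 4
    fi
    echo "OK: $csr matches $key ($bits-bit RSA)"
}

# Run the check when called as: sh check_csr.sh KEY CSR PASS_SOURCE
if [ "$#" -eq 3 ]; then check_csr "$@"; fi
```

With the default `MIN_BITS`, a key generated with the 1024-bit commands above is reported as `WEAK KEY`; set `MIN_BITS=1024` to check only the key/CSR match and the signature.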