Lab 1.4. - Create the SSL Profiles

In this section, you will define the virtual server IP address and its SSL profile settings.

Task - Create a Client SSL Profile

  1. Navigate to Local Traffic >> Profiles >> SSL >> Client, then click the + (plus symbol) to create a new SSL Profile

    image23

  2. Enter the name client_certsso

  3. Check the custom box to the right of Certificate Key Chain

  4. Click add

    image24

  5. Select acme.com-wildcard.crt from the certificate dropdown box

  6. Select acme.com-wildcard.key from the key dropdown box

  7. Click Add

    image25

  8. Check the custom box to the right of Client Certificate Constrained Delegation

  9. Select Enabled from the Client Certificate Constrained Delegation dropdown box

  10. Click Finished

    image26

  11. Click Finished

Task - Create a Server SSL Profile

  1. Navigate to Local Traffic >> Profiles >> SSL >> Server, then click the + (plus symbol) to create a new SSL Profile

    image27

  2. Enter server_certsso for profile name

  3. Check the two custom boxes next to Certificate and Key

  4. Select F5CertSSO.f5lab.local.crt from the certificate dropbox box

  5. Select F5CertSSO.f5lab.local.key from the key dropdown box

    image28

  6. Check the custom box about the Client Certificate Constrained Delegation box

  7. Select Enabled from the Client Certificate Constrained Delegation dropdown box

  8. Select F5SubCA.f5lab.local.crt from the CA Certificate dropdown box

  9. Select F5SubCA.f5lab.local.key from the CA Key dropdown box

  10. Click Finished

    image29