Lab 1.3: Renew expired certificates and deploy from BIG-IQ to managed BIG-IP

Note

Estimated time to complete: 5 minutes

We will now test how to renew an expired certificate on BIG-IQ, and push the renewed certificate & key pair to the managed BIG-IPs.

Lab environment access

If you have not yet visited the page Getting Started, please do so.

Tasks

  1. Login as david in BIG-IQ and navigate to Configuration > LOCAL TRAFFIC > Certificate Management > Certificates & Keys.
  2. Click on existing certificate created in the previous lab webappLab2.
../../_images/img_module1_lab3-12.png
  1. On the top right corner, click on Renew Certificate
../../_images/img_module1_lab3-21.png
  1. Fill the Key Password Password@123456 and click on Renew
../../_images/img_module1_lab3-31.png
  1. Notice the expiration date and serial number have changed.
../../_images/img_module1_lab3-41.png
  1. Deploy the SSL objects to the BIG-IP.

Navigate Deployment > Evaluate & Deploy > Local Traffic & Network.

Create a new deployment:

  • Source Scope: Partial Change
  • Method: Deploy Immediately
  • Source Objects: select both SSL certificate & Key
  • Target Device(s): SEA-vBIGIP01.termmarc.com

Click Deploy.

../../_images/img_module1_lab2-6.png
  1. From the lab environment, launch a remote desktop session to have access to the Ubuntu Desktop.

You can test the application service by opening Google Chrome browser on the Ubuntu Jumphost and type the URL https://10.1.10.126.

Notice the new certificate is now being used by the browser.

Note

The certificate shows not secure as we are using a demo Root CA not imported in the browser by default.

../../_images/img_module1_lab3-51.png