F5 BIG-IQ Centralized Management Lab > BIG-IQ All Labs > Class 6: BIG-IQ LTM Configuration Management Source | Edit on
Module 1: SSL Certificate Management¶
In this lab, you will be able to manage the BIG-IP local traffic SSL certificates from BIG-IQ.
From one centralized location, BIG-IQ makes it easy for you to request, import, and manage CA-signed SSL certificates, as well as import signed SSL certificates, keys, and PKCS #12 archive files created elsewhere. And if you want to create a self-signed certificate on BIG-IQ for your managed devices, you can do that too.
SSL certificates will come in two flavors, managed or unmanaged. When BIG-IQ discovers a BIG-IP, it is only able to pull the metadata about a cert from the BIG-IP. This process completes the cert and key information on the BIG-IQ, so that BIG-IQ can fully manage the discovered certs.
Once you’ve imported or created an SSL certificate and keys, you can assign them to your managed devices by associating them with a Local Traffic Manager clientssl or serverssl profile, and deploying it.
Note
When you discover a BIG-IP device, BIG-IQ Centralized Management imports its SSL certificates properties (metadata), but not the actual SSL certificates and key pairs. These certificates display as Unmanaged on the BIG-IQ Certificates & Keys screen. This allows you to monitor each SSL certificate's expiration date from BIG-IQ, without having to log on directly to the BIG-IP device.
Convert an unmanaged SSL key certificate and key pair to managed so you can centrally manage it from BIG-IQ Centralized Management. This saves you time because you don’t have to log on to individual BIG-IP devices to create, monitor, or deploy certificates.
- Lab 1.1: Import all Certificates & keys from multiple devices in BIG-IQ
- Lab 1.2: Create a self-signed SSL certificate & key on BIG-IQ
- Lab 1.3: Renew expired certificates and deploy from BIG-IQ to managed BIG-IP
- Lab 1.4: Integrating Venafi with BIG-IQ for Certificate Management
- Lab 1.5: Integrating Let’s Encrypt with BIG-IQ for Certificate Management (new 7.1)