Customers give me inadvertent tips all the time. Today, one called me because they just bought their new certs from GoDaddy. As we chatted about it, I found out that GoDaddy has single domain certs for just $12. Pretty cheap, right? I bought two. :-) Anyway, along with the brand new cert, GoDaddy included something called the gd_bundle.crt and the customer had no idea what to do with it. In case you're looking for a cheap SSL cert and happen to have a spare F5 laying around, this could be of help to you. First things first, though.

Certificate Basics

While this document will skip over nearly ALL the specifics of each component, it'll show you the basic steps to getting a cert. First, you'll create a certificate signing request (CSR) and private key. The CSR is everything the certificate authority (CA) will need in order to hand you back the certificate you've requested. Once the CA has a copy of your CSR, they will validate it, sign it and send you back a signed certificate.

You might be asking yourself, "How do I generate one of these CSR's?". On the LTM, you simply click on the "Local" tab in the left panel and then click "SSL Certificate List" that shows up down below it.

See that little "Create" button in the upper right corner? Yeah, click that. It'll bring up a box that will walk you through the steps of creating the CSR.

Fill out the form.. Stupid easy. I created mine for my test VPN service. When you're done filling out the form, it'll present you a page with a text version of your CSR as well as a button to download it. GoDaddy doesn't care if you copy/paste or upload your CSR, so do whatever you want.

You've submitted your CSR, gone through the signing process and using their fancy pants SSL Cert management tool, been given the opportunity to download your cert. But wait, they've given you another gd_bundle.crt file to deal with? What up? Well, that my friend is the cert chain to validate the signed cert you just bought. Huh? Yeah, don't worry your pretty little head about it. Just know you need it.

Installing Your New Cert

Two steps here.. Importing your cert and then importing the GoDaddy certs. Go back to the "SSL Certificate List" tab. You'll see the CSR listed and it will only have "Key" next to it. That's because we've not paired it with the signed cert yet. To pair it up, click on the name of your key. Below it there's an "import" button. Find the cert you just downloaded. Point, click, done.

Similar scenario for the gd_bundle.crt. Instead of pairing it to a key, we're going to create a new certificate bundle. On the "SSL Certificate List" tab, look in the upper right corner. See the Create button? Don't touch that. Right next to it is import. Click there and you'll see a beautiful web form asking you for some guidance. Select "Certificate" from the list and it'll have two questions for you. What shall we name this? Where should I find the certs? The name isn't important and the certs will be that gd_bundle.crt file.

Now what?

Well, now you have your new signed cert installed. You also have a CA chain to validate it. All you need to do is create an SSL profile to use on your virtual server. You know how to do that, right?