

Configure F5 to Use Simplified Communication with HTTPS

SSL communication in F5 requires a certificate file and key file. Simplified communication can use only certificates that are generated by keytool and copied to the CA Process Automation keystore.

Follow these steps:

  1. Generate SSL Certificate Files.
  2. Upload SSL certificate and key.
    1. Log in to F5.
    2. Click Local Traffic, SSL Certificates, Import.
    3. Import the key: Select Key as the Import Type, enter the Key Name, click Browse and navigate to the location of the key file, and then click Import.
      user-specified-location/c2okey2.pem
      
    4. Click Local Traffic, SSL Certificates, Import.
    5. Import the certificate: Select Certificate as the Import Type, enter the Certificate Name, click Browse and navigate to the location of the certificate, and then click Import.
      user-specified-location/c2ocert2.pem
      
  3. Create the Client profile.
    1. Click Local Traffic, Profiles, SSL, Client.
    2. Click Create.
    3. Enter a name in the Name field. Accept the default for Parent Profile, clientssl.
    4. Select Advanced for Configuration.
    5. On the right-hand side, select the Certificate, Key, and Pass Phrase fields to make them editable.
    6. From the Certificate drop-down list, select the c2ocert2.pem certificate you imported in the previous step.
    7. From the Key drop-down list, select the c2okey2.pem key you imported in the previous step.
    8. In the Pass Phrase and in the Confirm Pass Phrase fields, enter the key phrase that was used to generate the certificate files.
    9. Click Finished.
  4. Create the Server profile.
    1. Click Local Traffic, Profiles, SSL, Server.
    2. Click Create.
    3. Enter a name in the Name field. Accept the default for Parent Profile, serverssl.
    4. Select Advanced for Configuration.
    5. On the right-hand side, select the Certificate, Key, and Pass Phrase fields to make them editable.
    6. From the Certificate drop-down list, select the c2ocert2.pem certificate you imported in the previous step.
    7. From the Key drop-down list, select the c2okey2.pem key you imported in the previous step.
    8. In the Pass Phrase and in the Confirm Pass Phrase fields, enter the key phrase that was used to generate the certificate files.
    9. Click Finished.
  5. Link the Client and Server Profiles to the F5 Virtual Server.
    1. Click Local Traffic, Virtual Servers, Virtual Server List.
    2. Select the Virtual Server for CA Process Automation, for example, pamlib.

      Notice that the Service Port displays 443 and HTTPS.

    3. For SSL Profile (Client), select clientssl (the default you used for the Parent Profile in the last two steps).
    4. For SSL Profile (Server), select serverssl.
    5. Click Finished.
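
A pre-import sanity check for the two PEM files uploaded in step 2, added here as an example (it is not CA Process Automation or F5 code): it confirms that the key file holds a single pass-phrase-protected private key and that the certificate file holds a certificate and no key. The function names and the sample PEM text are constructed for illustration; in practice, pass in the contents of c2okey2.pem and c2ocert2.pem.

```python
import base64
import re

# One PEM block: BEGIN label, optional RFC 1421 headers, base64 body, END label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def pem_blocks(text):
    """Return [(label, encrypted, body_ok)] for every PEM block in text."""
    found = []
    for label, inner in PEM_BLOCK.findall(text):
        lines = [ln.strip() for ln in inner.splitlines() if ln.strip()]
        headers = [ln for ln in lines if ":" in ln]  # base64 never contains ':'
        body = "".join(ln for ln in lines if ":" not in ln)
        encrypted = (label == "ENCRYPTED PRIVATE KEY" or any(
            h.replace(" ", "") == "Proc-Type:4,ENCRYPTED" for h in headers))
        try:
            base64.b64decode(body, validate=True)
            body_ok = bool(body)
        except ValueError:
            body_ok = False
        found.append((label, encrypted, body_ok))
    return found

def check_import_pair(key_text, cert_text):
    """List problems that would surface in the import or SSL profile steps."""
    problems = []
    keys = [b for b in pem_blocks(key_text) if b[0].endswith("PRIVATE KEY")]
    certs = [b for b in pem_blocks(cert_text) if b[0] == "CERTIFICATE"]
    if len(keys) != 1:
        problems.append("key file must hold exactly one private key block")
    elif not keys[0][1]:
        problems.append("key is not encrypted; the Pass Phrase fields will not apply")
    if not certs:
        problems.append("certificate file holds no CERTIFICATE block")
    if any(b[0].endswith("PRIVATE KEY") for b in pem_blocks(cert_text)):
        problems.append("certificate file contains a private key")
    if not all(b[2] for b in keys + certs):
        problems.append("a PEM body is empty or not valid base64")
    return problems

def _sample(label, headers=""):
    # Constructed sample: well-formed PEM framing around placeholder bytes.
    body = base64.b64encode(b"constructed bytes, not real key material").decode()
    return f"-----BEGIN {label}-----\n{headers}{body}\n-----END {label}-----\n"

SAMPLE_KEY = _sample("RSA PRIVATE KEY", "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00\n\n")
SAMPLE_CERT = _sample("CERTIFICATE")
```

The check reads only the PEM framing and headers; it does not decrypt the key or prove that the key and certificate belong to the same pair.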

Comparison of port settings for HTTPS and HTTP

| Setting | HTTPS (secure) | HTTP (basic) |
|---|---|---|
| Service Port | 443 | 80 |
| Node members added to the pool | 8443 | 8080 |
| iRule referring to the web socket port | 443 | 80 |