BIG-IP® devices use traffic SSL certificates for secure communication. Certificates stored on BIG-IQ® Centralized Management are in one of the following states:
From one centralized location, BIG-IQ makes it easy for you to request, import, and manage CA-signed SSL certificates, as well as import signed SSL certificates, keys, and PKCS #12 archive files created elsewhere. And if you want to create a self-signed certificate on BIG-IQ for your managed devices, you can do that too.
Once you've imported or created an SSL certificate and keys, you can assign them to your managed devices by associating them with a Local Traffic Manager clientssl or serverssl profile, and deploying it.
You can create a Certificate Signing Request (CSR) directly from BIG-IQ® Centralized Management, so it's easy to create and renew CA-signed certificates for your BIG-IP® devices. BIG-IQ provides a centralized view into which BIG-IP devices have CA-signed certificates, and which are about to expire.
There might be some cases where you've created an SSL certificate, key, or a PKCS #12 SSL archive file on a system other than BIG-IQ® Centralized Management. In those cases, you can easily import the certificates, keys, and files to BIG-IQ so you can centrally manage them for your BIG-IP® devices.