Intermediate or Chain SSL Certs on BigIP 4.5

If you do a search out on the Internet today for instructions on how to properly chain a SSL certificate from a provider like GoDaddy on BigIP load balancing appliance (more specifically the older 4.5 version), you will find a confusing and complicated set of instructions that don’t even work. I’m not sure why it’s not documented, since it is an easy thing to do.

The first thing you want to do is setup the SSL cert like you normally would through the Proxies | Cert Admin tab. Generate your key and send off your CSR. When you get the cert back, associate the CRT with the key and you are done with the normal part.

Now, the next thing you want to do is install the intermediate or chain certificate that you received from the provider. For example, if you bought a SSL cert from GoDaddy, then create another cert called gd-intermediate to match the name of the certificate bundle they sent you. In this case though since you have no key or csr to match it to, choose “import” from the top of the Cert Admin page. Then choose certificate, and then browse to the intermediate cert file they sent you.

Once you have both certificates installed, you can now create the SSL proxy that will utilize those certificates. Choose the main certificate and key like a normal SSL proxy, then click next. You’ll notice that on the third page (when clicking next), that there will be an option for Client Chain File. Open the dropdown menu and select the intermediate key you installed earlier. Finish the creation of the SSL proxy and you’re set!


  1. i’m using big-ip 9.1.1, do you have instructions for this version? I want to follow the steps you provided but there is no “proxy” section.

Leave a comment

Your email address will not be published. Required fields are marked *