A Silverline "feature" (Certificate keeper) that would be nice to have in F5XC would be an additional way to install a certificate on a load-balancer with F5XC providing a CSR. Steps:
1. The customer chooses this option in the load-balancer form.
2. They’re prompted to enter the CSR/certificate details (country name, state, ...).
3. When the load-balancer is created, they get to download the CSR.
4. They send the CSR to a CA and receive a certificate in return.
5. They upload the certificate in the F5XC console in the load-balancer settings.
This would allow the customer to have a custom certificate, without the private key leaving F5XC or their premises at any point in time.
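The workflow requested above, sketched with the OpenSSL command line as an added example (not code from this thread or from F5): the key pair and CSR are created on the platform side, a stand-in CA sees only the CSR, and the uploaded certificate is accepted only if its public key matches the pending CSR. The directory layout, file names, subject fields and throwaway CA are constructed assumptions.

```shell
#!/bin/sh
# Added illustration: file names, subject fields and the throwaway CA are constructed.
set -eu

# SHA-256 of the DER public key inside a CSR ("req") or a certificate ("x509").
pubkey_fp() {
  openssl "$1" -in "$2" -noout -pubkey \
    | openssl pkey -pubin -outform DER \
    | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Platform side: create the key pair and the CSR. Only lb.csr is ever exported.
make_csr() {  # $1 = directory standing in for platform storage, $2 = subject
  ( umask 077
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
      -out "$1/lb.key" 2>/dev/null )
  openssl req -new -key "$1/lb.key" -subj "$2" -out "$1/lb.csr"
}

# Stand-in for the external CA: it receives the CSR only, never lb.key.
ca_sign() {  # $1 = CA directory, $2 = CSR in, $3 = certificate out
  [ -f "$1/ca.key" ] || openssl req -x509 -newkey ec \
    -pkeyopt ec_paramgen_curve:P-256 -nodes -keyout "$1/ca.key" \
    -out "$1/ca.crt" -subj "/CN=Constructed Test CA" -days 1 2>/dev/null
  openssl x509 -req -in "$2" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1 -out "$3" 2>/dev/null
}

# Upload check: accept the certificate only if it carries the key the
# pending CSR was built from; anything else cannot be served with lb.key.
accept_upload() {  # $1 = platform directory, $2 = uploaded certificate
  [ "$(pubkey_fp req "$1/lb.csr")" = "$(pubkey_fp x509 "$2")" ]
}

demo() {
  plat=$(mktemp -d); ca=$(mktemp -d)
  make_csr "$plat" "/C=US/ST=Example/O=Example Corp/CN=lb.example.com"
  ca_sign "$ca" "$plat/lb.csr" "$ca/lb.crt"
  accept_upload "$plat" "$ca/lb.crt" \
    && echo "certificate matches pending CSR: accepted"
  rm -rf "$plat" "$ca"
}
demo
```

Only `lb.csr` and the signed certificate cross the boundary between the two directories; `lb.key` is never read outside `make_csr`.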
Yes, CSR generation in a secure way, with a private key not existing anywhere outside the platform, is a must-have feature to serve enterprises, especially banking customers.
This should also be a straightforward feature to implement in a short time, since all the code and logic for CSR generation and blindfolding are open source, easy to implement, and already available. We will need to add it as a new screen under Certificate Management.
Please help expedite it, as many customers who have already sold 0.1 Million plus deals are already demanding it and it's acting as a showstopper.
I have a customer who requested this as well, stating that the private key should not leave the platform, as that is against their security best practice.