In previous releases, both the unsigned Certificate Signing Request (CSR) generated by LoadMaster and the associated private key were displayed in the UI (or returned via the API). A new option has been provided to allow the private key to be managed more securely, preventing unintentional disclosure or improper handling of the private key by the user.

This new option appears only when the Certificates & Security > Remote Access > Self-Signed Certificate Handling option is set to EC certs with an EC signature -- which means that an elliptical curve cipher will be used for both the certificate and the digital signature.

Once the above option is selected, a new Display Private Key check box appears on the Certificates & Security > Generate CSR UI page.

  • When Display Private Key is disabled (the default), the private key is not displayed in the UI after the CSR is created. The unsigned CSR is downloaded by the user as in previous releases. Once it is signed by a Certificate Authority, the user uploads the signed certificate to the LoadMaster -- the difference from previous releases being that the user does not have to also upload the private key, since LoadMaster maintains it internally when Display Private Key is disabled. If the saved private key matches the new certificate, the certificate gets imported and the saved private key is deleted. The stored private key is not encrypted but there is no access to it from the outside and it cannot be seen or displayed.
  • When Display Private Key is enabled, LoadMaster behaves as in previous releases: the private key is displayed to the user and must be uploaded to LoadMaster along with the private key.