Shown above is the Manage Certificates screen. Details about the various options on this screen are below:

Import Certificate – imports a certificate with a chosen filename.

Add Intermediate – refer to the Intermediate Certificates section for further information.

Identifier – the name given to the certificate at the time it was created.

Common Name(s) – the FQDN (Fully Qualified Domain Name) for the site.

Virtual Services – the Virtual Service with which the certificate is associated.

Assignment – lists the available and assigned Virtual Services.

Operations

  • New CSR – generates a new Certificate Signing Request (CSR) based on the current certificate.
Note: If the certificate has Subject Alternative Names (SANs), generating a CSR in this way will not add the SANs. Instead, generate the CSR manually. For further information on this, refer to the Generate CSR (Certificate Signing Request) section.
  • Replace Certificate – updates or replaces the certificate stored in this file.
  • Delete Certificate – deletes the relevant certificate.
Note: You cannot delete or replace Let's Encrypt/DigiCert certificates from the SSL Certificates screen. You can only delete or replace Let's Encrypt/DigiCert certificates from Certificates & Security > ACME Certificates. The Replace Certificate and Delete Certificate buttons are grayed out on the SSL Certificates screen for Let's Encrypt/DigiCert certificates.
  • Reencryption Usage – displays the Virtual Services that are using this certificate as a client certificate when re-encrypting.
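
The New CSR note above means a CSR can silently lose the SANs that the current certificate carries. The following added example (not LoadMaster or vendor code) assumes the `openssl` command-line tool (1.1.1 or later) on an administrator workstation and lists the DNS SANs that a certificate has but a CSR does not request; the file names and hostnames are constructed.

```shell
#!/bin/sh
# Added example (not vendor code): report DNS SANs present on a certificate
# but missing from a CSR. All file names and hostnames below are constructed.

# list_sans FILE KIND: print DNS SANs, one per line. KIND is "x509" or "req".
list_sans() {
    openssl "$2" -in "$1" -noout -text 2>/dev/null |
        awk '/Subject Alternative Name/ { getline; print; exit }' |
        tr ',' '\n' | sed -n 's/^ *DNS://p' | sort -u
}

# missing_sans CERT CSR: print each certificate SAN the CSR does not request.
missing_sans() {
    csr_sans=$(list_sans "$2" req)
    list_sans "$1" x509 | while IFS= read -r name; do
        printf '%s\n' "$csr_sans" | grep -qxF -- "$name" || printf '%s\n' "$name"
    done
}

# make_samples DIR: build a constructed certificate with two SANs, a CSR with
# no SANs (the case the note describes) and a CSR that requests both SANs.
make_samples() {
    san='subjectAltName=DNS:www.example.com,DNS:api.example.com'
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=www.example.com' \
        -addext "$san" -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
    openssl req -new -key "$1/key.pem" -subj '/CN=www.example.com' \
        -out "$1/no_san.csr" 2>/dev/null
    openssl req -new -key "$1/key.pem" -subj '/CN=www.example.com' \
        -addext "$san" -out "$1/with_san.csr" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
echo "Missing from no_san.csr:";   missing_sans "$demo_dir/cert.pem" "$demo_dir/no_san.csr"
echo "Missing from with_san.csr:"; missing_sans "$demo_dir/cert.pem" "$demo_dir/with_san.csr"
rm -rf "$demo_dir"
```

Empty output from `missing_sans` means the CSR requests every DNS name on the current certificate; only DNS-type SAN entries are compared.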

Administrative Certificates – the certificate you want to use, if any, for the administrative interface.

The LoadMaster supports key sizes larger than 2048 bits. However, increasing the key size reduces the SSL Transactions Per Second (TPS) performance non-linearly. That means that performance with a 4096-bit key will drop substantially (by at least a power of four) compared to a 2048-bit key. To achieve the same performance with larger keys, more powerful hardware is needed.

However, as indicated by the National Institute of Standards and Technology (NIST), 2048-bit keys have a security lifetime until 2030:

"In many cases, a variety of key sizes may be available for an algorithm. For some of the algorithms (e.g., public key algorithms, such as RSA), the use of larger key sizes than are required may impact operations, e.g., larger keys may take longer to generate or longer to process the data. However, the use of key sizes that are too small may not provide adequate security."