Add HA Pair as GTM Servers

Question

Having issues adding my LTM's as servers on my GTM.  This is a closed environment LTM HA Pair and 1 GTM. 1 layer 2 switch that all three devices are attached.  When run the utility bigip_add, I am seeing the following in my gtm log:&nbsp;
May 10 05:58:35 hw8900-16 err gtmd[16765]: 011ae0fa:3: iqmgmt_ssl_connect: SSL error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (336134278)&nbsp;
I had renewed all the device certs and added the device certs to system&gt;device certs&gt; Trusted Device Certificates as well as DNS&gt;glsb&gt;servers&gt;Trusted Server Certificates&nbsp;
I am not sure how to move from here.  I am using 11.5.4 HF4 tmos version.&nbsp;
Thanks,&nbsp;
Wallace Branche&nbsp;

amintej · Answer

Did you add GTM certificate or GTM CA's certificate to "LTM > System > Device certificate > Trusted Device Certificate" ? If I understand correctly the problem is LTMs don't trust in GTM.

eben · Answer

Hi&nbsp;
Do a re-run of bigip_add. That should fix it.&nbsp;
HTH&nbsp;

surgeon · Answer

Are you using self-signed cert or 3d party CA signed cert for device certificate? If you are using 3d party signed cert then device cert must include CA cert + all intermediate CA cert + device cert. &nbsp;
https://support.f5.com/csp/article/K7717  &nbsp;

Forum Discussion

Add HA Pair as GTM Servers

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Rebooting HA pair

Help: Add Name Servers in GTM

add LTM to GTM

add /browerWeb Extension after domain name

How to add iRule and http profile to a virtual server

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS