F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

preslav_ilevski's avatar
preslav_ilevski
Icon for Cirrus rankCirrus
Aug 23, 2017

Auto renewal of device certificate

Hello everyone,   We have a customer who has two f5 machines in HA pair. And for them we have device trust based on default device certificates. After this trust was established we import new cer...
application delivery
LTM
TMOS
preslav_ilevski's avatar
preslav_ilevski
Icon for Cirrus rankCirrus
Aug 23, 2017

Hi all,

 

I found the explanation. There's no option to renew device certificate automatically. And one correction - the device certificate is not used to establish trust relationship between HA units. In order to establish secure channel between HA peers we use /config/ssl/ssl.crt/dtdi.crt and /config/ssl/ssl.crt/dtca.crt certificates.

 

Device certificate (System -> Device certificates -> Device certificate) does not affect DSC (HA) synchronization. It does, however, affect DNS synchronization and iQuery communication.

 

More on BIG-IP certificates can be found here: https://support.f5.com/csp/article/K15664

 

Regards,

 

Preslav