Forum Discussion
preslav_ilevski
Aug 23, 2017Cirrus
Hi all,
I found the explanation. There's no option to renew device certificate automatically. And one correction - the device certificate is not used to establish trust relationship between HA units. In order to establish secure channel between HA peers we use /config/ssl/ssl.crt/dtdi.crt and /config/ssl/ssl.crt/dtca.crt certificates.
Device certificate (System -> Device certificates -> Device certificate) does not affect DSC (HA) synchronization. It does, however, affect DNS synchronization and iQuery communication.
More on BIG-IP certificates can be found here: https://support.f5.com/csp/article/K15664
Regards,
Preslav