Forum Discussion

Cirrus

Aug 23, 2017

Auto renewal of device certificate

Hello everyone, We have a customer who has two f5 machines in HA pair. And for them we have device trust based on default device certificates. After this trust was established we import new cer...

Cirrus

Aug 23, 2017

Hi all,

I found the explanation. There's no option to renew device certificate automatically. And one correction - the device certificate is not used to establish trust relationship between HA units. In order to establish secure channel between HA peers we use /config/ssl/ssl.crt/dtdi.crt and /config/ssl/ssl.crt/dtca.crt certificates.

Device certificate (System -> Device certificates -> Device certificate) does not affect DSC (HA) synchronization. It does, however, affect DNS synchronization and iQuery communication.

More on BIG-IP certificates can be found here: https://support.f5.com/csp/article/K15664

Regards,

Preslav

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Auto renewal of device certificate

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Could not communicate with the system. Try to reload page.

CVE mitigation on F5 XC vs classic F5 WAF

F5 XC 503 upstream_reset_before_response_started{protocol_error}

UCS Encryption Question

BIG-IP VE: 40G Throughput from 4x10G physical NICs

Related Content

How to Renew F5 Device Certificate

AS3 w/ certificates and renewals..

Automating Certificate Management on F5 BIG-IP

unsupported certificate error with device certificates

issue with URL after certificate renewal.

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS