
jk303
Sep 06, 2018

BIG-IP DNS and LTM - Certificate Trust

Hey all,

BIG-IP DNS - has a device cert signed by a private CA.

BIG-IP LTM - has a device cert signed by a private CA.

BIG-IP DNS - when configuring GSLB Servers and adding LTMs, then running bigip_add on the DNS box to form trust with the added LTMs - they never turn GREEN. /var/log/gtm is showing cert validation errors. When I look at the Trusted Certs - I see that each box has the other's cert inside its trusted certificates.

The fix seems to be - when I add the entire chain in device certificates on the DNS device (not just the cert, but the device cert / intermediate cert / CA certs all together) - I can then get a connection and GREEN status between the DNS and LTMs.

BUT - now I see the CA cert as part of the trusted certs inside both the LTM and also inside the DNS boxes. Wouldn't that be a possible TRUST issue, in that anyone with a CA cert would be trusted?

Running 13.x code - any good documentation that covers this, and validation of whether I need the entire chain, would be helpful.

Thanks for feedback!