bigip_add command behaviour on BIGIP DNS

Question

Hi&nbsp;Recently , i worked on alternate approach for bigip_add command which was to manually export and import each other'scertificate. In one case I had to export/import root and intermediate certificates as well( where devicecertificate is not self signed). I never had to restart any process in BIG IP DNS which is against the f5document recommendation.&nbsp;I need to understand the whole phenomenon behind bigip_add .Why it gives SSL errors ? In what caseswe have to export/import intermediate and root device certificates. Whether bigip_add is self sufficientto bring in end ,intermediate and root device certificate or some process would be manual ? Alsosome more info about device certificates,please.&nbsp;ThanksMayank

ashfaq1 · Answer

Hi,Not sure if I can answer your question completely but below is my experience. I have used bigip_add to re-add BIG IP devices when we renewed our devices certificate. You can use the following commands to check the status of devices trust. iqdump &lt;ip of big ip device&gt;For GTM, you can use tmsh show gtm iquery and make sure the trust is available between the devices on respective self -ips. This sure will help resolve the trust issues you will find with neighbor devices.

Forum Discussion

bigip_add command behaviour on BIGIP DNS

Recent Discussions

How to implement LTM forward proxy client to determine the diversion pool based on the domain name

FTP PASV mode to Extended Passive mode

Oracle JDBC SSL Termination failing on F5

APM for banner and cert

An Irule for Client Ssl Profile that Allows Unassigned TLS Extension Values (17516)

Related Content

WAF evasion techniques for Command Injection

remove ssh after gtm_add/bigip_add/big3d_add ?

Power of tmsh commands using Ansible

F5 XC CE Debug commands through GUI cloud console and API

DNS Resolution with the RESOLVER::name_lookup Command

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS