
Forum Discussion

fubarSUSHI
Jun 26, 2014

Bigip_add command... What does it EXACTLY do?

I'm typing this from a mobile device but my google-fu is not strong today!

When I perform this command from gtm1 to ltm1, is it supposed to add the ltm1 SSL cert to gtm1's trusted device certificates?

I'm attempting to find a deeper dive on what it accomplishes. (Learning GTM)

7 Replies

  • From sol13312:

    bigip_add

    The bigip_add script is an interactive script that exchanges iquery SSL certificates with a remote BIG-IP system. The bigip_add script appends the local BIG-IP GTM system's SSL certificate to the remote BIG-IP system's list of authorized certificates (contained in the /config/big3d/client.crt file). The script then appends the remote BIG-IP system's iquery SSL certificate to the BIG-IP GTM system's local list of authenticated iquery SSL certificates (/config/gtm/server.crt).

    Protocol

    The bigip_add script uses the SSH protocol to exchange iquery SSL certificates with the remote BIG-IP system.

    Running the bigip_add script

    The bigip_add script runs from the local BIG-IP GTM system when adding a BIG-IP system to the wide IP configuration. To run the bigip_add script, log in to the command line of the BIG-IP GTM system and type the following command:

    bigip_add BIG-IP_IP_address
    
  • From sol13312:

    http://support.f5.com/kb/en-us/solutions/public/13000/300/sol13312.html?sr=38486990

    The bigip_add script is an interactive script that exchanges iquery SSL certificates with a remote BIG-IP system. The bigip_add script appends the local BIG-IP GTM system's SSL certificate to the remote BIG-IP system's list of authorized certificates (contained in the /config/big3d/client.crt file). The script then appends the remote BIG-IP system's iquery SSL certificate to the BIG-IP GTM system's local list of authenticated iquery SSL certificates (/config/gtm/server.crt). The bigip_add script uses the SSH protocol to exchange iquery SSL certificates with the remote BIG-IP system.

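As an added illustration (not code from this thread or from F5), here is a small Python audit of a trust file in the format the sol13312 replies above describe: it splits a PEM bundle such as /config/gtm/server.crt or /config/big3d/client.crt, fingerprints each certificate, and reports which expected peers are present, which are missing, which entries trust a certificate nobody listed, and which were appended twice. The bundle, peer names and "DER" blobs are constructed placeholders, not real certificates.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def pem_block(der: bytes) -> str:
    """Wrap DER bytes as one PEM certificate block, 64-character lines."""
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


def fingerprints(bundle: str) -> list:
    """SHA-256 over the DER of every PEM block in the bundle, in file order.

    This is the value `openssl x509 -noout -fingerprint -sha256` prints (minus the
    colons), so it can be compared with what the peer reports for its own cert.
    """
    fps = []
    for m in PEM_RE.finditer(bundle):
        der = base64.b64decode("".join(m.group(1).split()))
        fps.append(hashlib.sha256(der).hexdigest())
    return fps


def audit_trust_file(bundle: str, expected: dict) -> dict:
    """Compare a trust file with the peers it should contain.

    expected maps a peer name to the SHA-256 fingerprint of that peer's iquery
    certificate. Reports peers present, peers missing (bigip_add never run against
    them), fingerprints trusted that nobody expected, and duplicated entries
    (bigip_add appends, so re-running it leaves the same cert twice).
    """
    report = {"present": [], "missing": [], "unexpected": [], "duplicates": []}
    seen = set()
    for fp in fingerprints(bundle):
        if fp in seen and fp not in report["duplicates"]:
            report["duplicates"].append(fp)
        seen.add(fp)
    for name, fp in expected.items():
        (report["present"] if fp in seen else report["missing"]).append(name)
    report["unexpected"] = sorted(seen - set(expected.values()))
    return report


# Constructed sample: made-up bytes stand in for DER certificates. SERVER_CRT plays
# gtm1's /config/gtm/server.crt after bigip_add was run twice against ltm1 and
# once against an unrecorded device; ltm2 was never added.
DER_LTM1, DER_LTM2, DER_STRAY = b"constructed-ltm1", b"constructed-ltm2", b"constructed-???"
SERVER_CRT = pem_block(DER_LTM1) * 2 + pem_block(DER_STRAY)
EXPECTED = {"ltm1": fingerprints(pem_block(DER_LTM1))[0],
            "ltm2": fingerprints(pem_block(DER_LTM2))[0]}

if __name__ == "__main__":
    print(audit_trust_file(SERVER_CRT, EXPECTED))
```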
  • Thank you gentlemen for your replies. Let me attempt to word it a different way with more detail since I'm back on my laptop. I am using these few links to understand the theory of bigip_add:

    1. http://support.f5.com/kb/en-us/products/big-ip_gtm/manuals/product/gtm-implementations-11-3-0/7.html
    2. http://support.f5.com/kb/en-us/solutions/public/13000/300/sol13312.html
    3. http://support.f5.com/kb/en-us/products/big-ip_gtm/manuals/product/gtm-implementations-11-4-0/2.htmlunique_423967679

    Question 1 - When I perform the command from GTM1 "bigip_add " and "bigip_add ", the sol states "The bigip_add script appends the local BIG-IP GTM system's SSL certificate to the remote BIG-IP system's list of authorized certificates (contained in the /config/big3d/client.crt file)." But does that include putting the LTM's self-signed cert in the GTM1 System > Device Certificate > Trusted Device Certificate? When I look at the /config/big3d/client.crt, all I see is the common 'ssl garble'.
  • No, the LTM's certificate does not get placed into the GTM's trusted device certificate list.
  • Question 2 - Does this mean that the bigip_add command is a GTM method of doing an "ssh key exchange"-like process? (I'm trying to compare it to something that I understand; I am not implying it does a key exchange.) This process does it for the iquery 4353 process, which is my understanding of the SOL and other links.
  • If you want to liken it to adding the GTM to the LTM's known hosts file, that's one way to think of it.
  • "Ahhh.... said the blind man!" <-- Referring to me... Tyvm for that analogy.