For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Sumanta_88744's avatar
Sumanta_88744
Icon for Cirrus rankCirrus
Sep 06, 2016

Change default SSL certificate in F5 LTM

Hi Experts

 

How do we change the factory default SSL certificate shown during mgmt. port GUI access? Suppose the customer wants to use any self signed CA or a CA signed by a trusted 3rd party such as Verisign or Entrust?

 

Regards,

 

Sumanta.

 

application delivery
BIG-IP
LTM
security

5 Replies

  • Jinshu's avatar
    Jinshu
    Icon for Cirrus rankCirrus
    Sep 06, 2016

    You can change it from 

    System  ››  Device Certificates : Device Certificate  ››  Device Certificate

    But remember, BIG-IP system uses this device certificate to authenticate access to the Configuration utility, and to accommodate device-to-device communication processes, such as ConfigSync, big3d, and gtmd.

    -Jinshu

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Sep 06, 2016

    In the management GUI, it's under System -> Device Certificate. Go to the "Device Certificate" or "Device Key" tab and click the Import button to import a new certificate and private key.

     

  • Sumanta_88744's avatar
    Sumanta_88744
    Icon for Cirrus rankCirrus
    Sep 07, 2016

    Hi All

     

    Thanks for your replies. I was just wondering if it is possible to increase the existing ciphers to something more stronger in the default certificate for mgmt interface. In that case, probably, I won't have to replace the ssl cert because that will break down my HA and sync.

     

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Sep 07, 2016

    Using a stronger cert shouldn't break HA or sync, but you'd definitely have to replace the existing one.