Forum Discussion

Here_There
Oct 22, 2023

Changing self-signed device certificate impact

Hi, 

I want to know if there is any impact from changing the F5 self-signed device certificate to a CA-signed one.

- Is there any reboot?

- Will any connection disruption affect the LTM services?

- Does any client certificate need to be applied?

- Any out-of-sync issue?

Kindly note I found many sites describing the way to do it, but none describes the impacts and what is required to prepare before the change.

Thanks,

  • EDITORS NOTE: this question was posted in our Suggestions section in October - Pinning it to the top of the forum so others may get a chance to review/help if possible.


    Here_There - thanks for the post. I think this should be a question in our Technical Forum
    I will move it there and do something to feature it so the community has a chance to take a look.

  • Here_There Are you referring to the SSL cert that is used for the F5 GUI? If you are referring to that one, the GUI will become inaccessible while httpd restarts and I believe that's it. Or are you referring to the SSL cert used for HA, or the SSL client profile?

  • Hi Here_There,

    there is a procedure for changing the BIG-IP system device certificate, that's the one for the WebUI:
    K16951115: Changing the BIG-IP system device certificate using the Configuration utility
    There is a different procedure for replacing the Device Trust Certificates. Those are the certs used in a DSC / HA setup:
    K47052252: Procedure to renew Device Trust Certificates on BIG-IP system
    And lastly there is the default.crt you find in System > Certificate Management > Traffic Certificate Management > SSL Certificate List. No need to change anything here.

    KR
    Daniel
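    Since the original question also asks what to prepare before the change, here is an added example (not from this thread, F5, or any K article) of a POSIX shell pre-check for a CA-signed replacement of the WebUI device certificate: it confirms the key matches the cert, the chain verifies against the CA the admins' browsers will trust, the unit's hostname is covered, and the cert is not about to expire. The file paths and hostname are assumptions passed in as arguments; only `openssl` is required.

```shell
#!/bin/sh
# Pre-change checks for a CA-signed BIG-IP device (WebUI/httpd) certificate.
# Added example, not F5 tooling. Assumes openssl is on PATH and that the
# candidate cert, key and CA chain are files you already have. The locations
# of the installed device cert and key on the unit are not needed here.
set -eu

# check_device_cert CERT KEY CHAIN HOSTNAME
# Returns 0 when the pair is safe to install, 1 (with a reason) otherwise.
check_device_cert() {
  cert=$1; key=$2; chain=$3; host=$4

  # 1. The private key must belong to the certificate: compare public keys.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey | openssl md5)
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl md5)
  [ "$cert_pub" = "$key_pub" ] || { echo "FAIL: key does not match cert"; return 1; }

  # 2. The chain must validate against the CA that clients will trust.
  openssl verify -CAfile "$chain" "$cert" >/dev/null 2>&1 \
    || { echo "FAIL: chain does not verify against $chain"; return 1; }

  # 3. The name used to reach the unit must be covered by the CN/SAN.
  openssl x509 -in "$cert" -noout -checkhost "$host" | grep -q "does match" \
    || { echo "FAIL: $host not covered by CN/SAN"; return 1; }

  # 4. The cert must remain valid for at least 30 days (30*86400 seconds).
  openssl x509 -in "$cert" -noout -checkend 2592000 >/dev/null \
    || { echo "FAIL: certificate expires within 30 days"; return 1; }

  echo "OK: $cert is ready to install"
  return 0
}
```

    Run it against the new files before touching the unit so the only remaining impact is the httpd restart mentioned above.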

  • Hi Here There

    1. Please let me know the F5 module. For example, GTM or LTM?

    2. In case you have the iQuery function between F5 devices, the iQuery connection will terminate. You have to add the CA on all devices that you trust and add the BIG-IP again.

    3. In case you have a redundant device, you have to add the peer device to the device group again.

    I hope this information will help you.

  • Here_There 
    Looks like some really good advice on your issue.
    Were you able to progress with your change to the CA-Signed device?

    Please choose "Accept as Solution" on any of the replies that proved helpful/correct.
    Cheers, Lief