Forum Discussion

Sharadwi_352731's avatar
Sharadwi_352731
Icon for Nimbostratus rankNimbostratus
Feb 23, 2018

Creating a new device certificate - signed by internal CA

I am using version 11.5.3. I have a requirement to update the device certificate with an internal CA signed certificate. We have a self signed cert that wont expire until 2025. I am planning on doing the following procedure

 

  1. Device certificate -> Renew -> finish - **Will this replace the existing cert already ?
  2. I am assuming it won't. So I will export the cert. This will generate a CSR.
  3. Once I get a signed cert, I will import it. How do I replace the self signed with this CA signed?

Please correct me if I am wrong.Thanks!

 

LTM
security
  • amintej's avatar
    amintej
    Icon for Cirrus rankCirrus
    Feb 26, 2018

    Hello,

    I modified a little bit your procedure:

    1. System > Device certificate > Renew -> Please, be sure to select "Issuer: Certificate Authority". This action will generate CSR, copy csr text at the end of the wizard and send to your CA(issuer). Note CSR files have headers:

      -----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----

    2. Yes, you are right no action at this point.

    3. Once you receive the certiticate, import the CA file 
      `System  ››  Device Certificates : Trusted Device Certificates

    Finally, import F5's certificate signed by your CA:

    `System  ››  Device Certificates : Device Certificate

    and this will replace the certificate immediately if the verification is OK in F5.