Creating an Identity Certificate

Question

Hello all&nbsp;
We have a bunch of brand new BIG-IP units: 2 x LTMs &amp; 1 x GTM per DC. The LTMs have currently been clustered together using their self-signed certs. &nbsp;
We wish to integrate our devices into the PKI infrastructure we have, this is where my knowledge falls short. We wish to ensure that each device has its own identity certificate, which can then be used for HTTPS/SSL when managing the device. &nbsp;
Silly question, but would this same identity cert also be used when we integrate the LTMs and GTMs (iQuery)? If so, do I need to do anything specifically to instruct the devices to use their ID certs? Also, by adding an ID cert per device, will this break the trust relationship that already exists between the two LTMs?&nbsp;
Many thanks&nbsp;

nitass · Answer

have you seen this? is it helpful?&nbsp;
sol15664: Overview of BIG-IP device certificates (11.x) &nbsp;
https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15664.html&nbsp;

devlin_t_149357 · Answer

Thank yo nitass&nbsp;
I did check that out. My question still stands (I believe) on whether adding the new ID certs will break the existing clustering trust between the LTMs.&nbsp;
Thank you&nbsp;

Forum Discussion

Creating an Identity Certificate

2 Replies

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Unblock Request WAF

F5OS login with admin/root failed via console

TLS handshake failure from BIG-IP to backend – Fatal Alert: Decode Error (Server SSL)

Share what you learned on DevCentral in 2025

Failing over Virtual F5 VE to DR location using Zerto

Related Content

Building an OpenSSL Certificate Authority - Creating Your Root Certificate

Identity-centric F5 ADSP Integration Walkthrough

Building an OpenSSL Certificate Authority - Creating ECC Certificates

Building an OpenSSL Certificate Authority - Creating Your Intermediary Certificate

Identity-Aware decisions with JA4+

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS