For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

mx9's avatar
mx9
Icon for Altocumulus rankAltocumulus
Nov 08, 2024
Solved

DEVICE-0202 Error while adding rSeries as a provider in CM

Hi all,

we just got out rSeries Hardware and I am now trying to add it as a provider to out Central Manager instance.
Unfortunately I am always getting the following error Code when trying to connect it to CM.

DEVICE-0202: BIG-IP Next instance internal server error: Certificate validation failed with error: provider 1234-app123-zz.net.world.aa:8888: DEVICE-0202: BIG-IP Next instance internal server error: SSL certificate is unusable: BIG-IP Next 1234-app123-zz.net.world.aa has an unknown or unusable device certificate; explicit trust is not possible. Error: EOF. .


For creating the Device Cert on the rSeries Platform I used to following KB-Article which is for the DEVICE00060 Error: https://my.f5.com/manage/s/article/K000139300
- I issued a self signed certifcate with DNS and IP as SAN

Since the error didn't change I tried adding a few other things:
- Adding the self signed cert to CentralManager via Applications>Certificates & Keys>import 
- Creating a crt signed by out Internal CA (no IP in SAN cause the CA doesn't allow that), applying it on the rSeries  and uploading the chain to cm
- Testing if the rSeries really uses the applied certs on port 8888 each time with openssl s_client connect which it always does

But all that didn't change the error message at all. Any ideas?

Thank you in advance

central manager
next
rseries
  • mx9's avatar
    mx9
    Nov 27, 2024

    Error was caused by a Firewall Rule blocking the connection from CM to rSeries. Not the first thing I thought about with the error message above 😉

4 Replies

  • MoFaz's avatar
    MoFaz
    Icon for Moderator rankModerator
    Nov 18, 2024

    Hey mx9 ,

    Regarding your question above, one of the community admin JRahm has written an article relating to this. and I think it is similar to what you're experiencing above. 

    The article I am referring to is Managing F5OS from Central Manager.

    Have a look at the article and hopes it clears your issue. 

    Cheers,

    Mo.

    • mx9's avatar
      mx9
      Icon for Altocumulus rankAltocumulus
      Nov 18, 2024

      Jason Rahm mentioned in his article that he had errors because the Cert of his rSeries was expired which mine isn’t. 
      But I still tried his ssl cnf to create a self signed cert which unfortunately also didn’t change my error message. I even tried multiple Variants:

      • localhost in CommonName & SAN DNS + IP ins SAN
      • FQDN in CommonName & localhost in SAN DNS + IP ins SAN
      • FQDN in CommonName & SAN DNS + IP in SAN

      Also I looked at the mentioned Article for adding rSeries as a provider to CM:

      https://clouddocs.f5.com/bigip-next/latest/use_cm/cm_add_providers_ve_velos_rseries.html

      in his Post which lists a Method of connecting via a Post Request. The response should be a Status Code of 500 with a Certificate Fingerprint in the response, but there I also just get the same error as always.

       

       

  • mx9's avatar
    mx9
    Icon for Altocumulus rankAltocumulus
    Nov 27, 2024

    Error was caused by a Firewall Rule blocking the connection from CM to rSeries. Not the first thing I thought about with the error message above 😉

  • mamamiakader's avatar
    mamamiakader
    Icon for Nimbostratus rankNimbostratus
    Dec 07, 2024

    Check the certificate configuration on the rSeries (BIG-IP Next) It is possible that the SSL certificate on your rSeries (BIG-IP Next) device is invalid, misconfigured, or missing some elements in the chain of trust.