Forum Discussion
DEVICE-0202 Error while adding rSeries as a provider in CM
Hi all,
we just got out rSeries Hardware and I am now trying to add it as a provider to out Central Manager instance.
Unfortunately I am always getting the following error Code when trying to connect it to CM.
DEVICE-0202: BIG-IP Next instance internal server error: Certificate validation failed with error: provider 1234-app123-zz.net.world.aa:8888: DEVICE-0202: BIG-IP Next instance internal server error: SSL certificate is unusable: BIG-IP Next 1234-app123-zz.net.world.aa has an unknown or unusable device certificate; explicit trust is not possible. Error: EOF. .
For creating the Device Cert on the rSeries Platform I used to following KB-Article which is for the DEVICE00060 Error: https://my.f5.com/manage/s/article/K000139300
- I issued a self signed certifcate with DNS and IP as SAN
Since the error didn't change I tried adding a few other things:
- Adding the self signed cert to CentralManager via Applications>Certificates & Keys>import
- Creating a crt signed by out Internal CA (no IP in SAN cause the CA doesn't allow that), applying it on the rSeries and uploading the chain to cm
- Testing if the rSeries really uses the applied certs on port 8888 each time with openssl s_client connect which it always does
But all that didn't change the error message at all. Any ideas?
Thank you in advance
Error was caused by a Firewall Rule blocking the connection from CM to rSeries. Not the first thing I thought about with the error message above 😉
- MoFazModerator
Hey mx9 ,
Regarding your question above, one of the community admin JRahm has written an article relating to this. and I think it is similar to what you're experiencing above.
The article I am referring to is Managing F5OS from Central Manager.
Have a look at the article and hopes it clears your issue.
Cheers,
Mo.
- mx9Altocumulus
Jason Rahm mentioned in his article that he had errors because the Cert of his rSeries was expired which mine isn’t.
But I still tried his ssl cnf to create a self signed cert which unfortunately also didn’t change my error message. I even tried multiple Variants:- localhost in CommonName & SAN DNS + IP ins SAN
- FQDN in CommonName & localhost in SAN DNS + IP ins SAN
- FQDN in CommonName & SAN DNS + IP in SAN
Also I looked at the mentioned Article for adding rSeries as a provider to CM:
https://clouddocs.f5.com/bigip-next/latest/use_cm/cm_add_providers_ve_velos_rseries.html
in his Post which lists a Method of connecting via a Post Request. The response should be a Status Code of 500 with a Certificate Fingerprint in the response, but there I also just get the same error as always.
- mx9Altocumulus
Error was caused by a Firewall Rule blocking the connection from CM to rSeries. Not the first thing I thought about with the error message above 😉
- mamamiakaderNimbostratus
Check the certificate configuration on the rSeries (BIG-IP Next) It is possible that the SSL certificate on your rSeries (BIG-IP Next) device is invalid, misconfigured, or missing some elements in the chain of trust.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com