Forum Discussion

mx9's avatar
mx9
Icon for Altocumulus rankAltocumulus
Nov 08, 2024

DEVICE-0202 Error while adding rSeries as a provider in CM

Hi all,

we just got out rSeries Hardware and I am now trying to add it as a provider to out Central Manager instance.
Unfortunately I am always getting the following error Code when trying to connect it to CM.

DEVICE-0202: BIG-IP Next instance internal server error: Certificate validation failed with error: provider 1234-app123-zz.net.world.aa:8888: DEVICE-0202: BIG-IP Next instance internal server error: SSL certificate is unusable: BIG-IP Next 1234-app123-zz.net.world.aa has an unknown or unusable device certificate; explicit trust is not possible. Error: EOF. . 


For creating the Device Cert on the rSeries Platform I used to following KB-Article which is for the DEVICE00060 Error: https://my.f5.com/manage/s/article/K000139300
- I issued a self signed certifcate with DNS and IP as SAN

Since the error didn't change I tried adding a few other things:
- Adding the self signed cert to CentralManager via Applications>Certificates & Keys>import 
- Creating a crt signed by out Internal CA (no IP in SAN cause the CA doesn't allow that), applying it on the rSeries  and uploading the chain to cm
- Testing if the rSeries really uses the applied certs on port 8888 each time with openssl s_client connect which it always does

But all that didn't change the error message at all. Any ideas?

Thank you in advance

  • Error was caused by a Firewall Rule blocking the connection from CM to rSeries. Not the first thing I thought about with the error message above 😉

  • Hey mx9 ,

    Regarding your question above, one of the community admin JRahm has written an article relating to this. and I think it is similar to what you're experiencing above. 

    The article I am referring to is Managing F5OS from Central Manager.

    Have a look at the article and hopes it clears your issue. 

    Cheers,

    Mo.

    • mx9's avatar
      mx9
      Icon for Altocumulus rankAltocumulus

      Jason Rahm mentioned in his article that he had errors because the Cert of his rSeries was expired which mine isn’t. 
      But I still tried his ssl cnf to create a self signed cert which unfortunately also didn’t change my error message. I even tried multiple Variants:

      • localhost in CommonName & SAN DNS + IP ins SAN
      • FQDN in CommonName & localhost in SAN DNS + IP ins SAN
      • FQDN in CommonName & SAN DNS + IP in SAN

      Also I looked at the mentioned Article for adding rSeries as a provider to CM:

      https://clouddocs.f5.com/bigip-next/latest/use_cm/cm_add_providers_ve_velos_rseries.html

      in his Post which lists a Method of connecting via a Post Request. The response should be a Status Code of 500 with a Certificate Fingerprint in the response, but there I also just get the same error as always.

       

       

  • mx9's avatar
    mx9
    Icon for Altocumulus rankAltocumulus

    Error was caused by a Firewall Rule blocking the connection from CM to rSeries. Not the first thing I thought about with the error message above 😉

  • Check the certificate configuration on the rSeries (BIG-IP Next) It is possible that the SSL certificate on your rSeries (BIG-IP Next) device is invalid, misconfigured, or missing some elements in the chain of trust.