Forum Discussion
teemo_13
Cirrus
CirrusDevice certificate Issuer and other information not updating on the browser's certificate details
We recently updated a device certificate on an F5 device but we encounted lost access on the GUI after the device cert application. We stumble upon this article https://support.f5.com/csp/article/K52731589 and did the steps on there.
After leaving everything in default and restarting HTTPD, the access on the GUI worked again. Now the problem is this,
We managed to make the certificate import work but only the information on the System>Certificate Management>Device certificate is updating. When we check the browser, we see this below
My question is how can we update the info on the browser as well? Or how can we revert the changes to it?
Hi guys, this has been fixed. internal CA provided a faulty certificate. Fixed after getting new cert. Thanks!
teemo_13Hi guys, this has been fixed. internal CA provided a faulty certificate. Fixed after getting new cert. Thanks!
- Paulius
MVP
I have not used the method in the link that you provided but I have used the process in the following link starting at section "Replace the BIG-IP system self-signed device certificate" which should produce the correct results for you. Please make sure to backup your two files that you are replacing before you replace them.
- teemo_13
Hi thanks for your reply. Will this work with a cert given by an internal CA? not 3rd Party CA.
- Paulius
This will work with any CA as long as the cert and key match. You will still receive the warning in your browser when you attempt to connect but if you import the internal CA cert it will no longer receive that error assuming you connect using the CN in the SSL cert.
what the browser shows is the info you provided when you typed the command F5 suggested:
openssl req -new -x509 -key ../ssl.key/server.key -days <# of days> -out server.crt
what specifically you'd like to update in the browser?
If you've already replaced the cert with the Linux command in the article you've already replaced the old cert. Unless you backed it up, I think it's gone.
- teemo_13
I only did the recommendation on the article to regain access to the GUI. I have a backup of the device cert but when I import it, the browser still shows the same as the screenshot above.
what specifically you'd like to update in the browser?
-I would like to see matching details on the F5 Device cert page and the browser's. As of now they are not the same.
did you restart httpd after the changes?
tmsh restart /sys service httpd
