Forum Discussion

BK1's avatar
BK1
Icon for Cirrus rankCirrus
Mar 03, 2020

Device certificate not working

Hi,

 

I was trying to upload new device certificate on my f5. But post importing certificate, I lost my WebUI access and now I am unable to access webUI of my f5.

 

Can u pls let me know what went wrong and how to fix this issue?

  • It seems you have only uploaded device certificate and it is using old device certificate key and due to this you are facing this issue.

     

    It should be having access to cli, i think so. You can take F5 login through WINSCP and go to below device certificate and key path.

     

    /config/httpd/conf/ssl.crt/server.crt

    /config/httpd/conf/ssl.key/server.key

     

    At above path, you should see certificate imported by you. Do one thing, put key file associated with new device certificate at above key location and then restart 'httpd' service of F5 by using cli command - bigstart restart httpd

     

    Your issue should get resolve with this. But you should have access to SCP for this.

     

    I hope it resolves your access.

     

    Mayur

  •  I followed steps provided by you and it worked for me. Post replacing key file on given path, I am able to access WebUI of my F5. Thank you for your help.

  • Yes I have uploaded certificate only and before importing key, I lost WebUI access. let me follow steps given by you. I will update status here.

  • It seems you have only uploaded device certificate and it is using old device certificate key and due to this you are facing this issue.

     

    It should be having access to cli, i think so. You can take F5 login through WINSCP and go to below device certificate and key path.

     

    /config/httpd/conf/ssl.crt/server.crt

    /config/httpd/conf/ssl.key/server.key

     

    At above path, you should see certificate imported by you. Do one thing, put key file associated with new device certificate at above key location and then restart 'httpd' service of F5 by using cli command - bigstart restart httpd

     

    Your issue should get resolve with this. But you should have access to SCP for this.

     

    I hope it resolves your access.

     

    Mayur