DSC Certificates Renew

Question

After checking DTDI and DTCA certificates used by DSC comms, we notice that both has a validity gap.
I guess that active used certificates &amp; keys are located here:
/config/filestore/files_d/Common_d/trust_certificate_d/config/filestore/files_d/Common_d/trust_certificate_key_d
So, their validity time is:
 openssl x509 -text -noout -in /config/filestore/files_d/Common_d/trust_certificate_d/\:Common\:dtdi.crt_37015_4 | grep -A2 -i validity
        Validity
            Not Before: Mar 22 14:51:24 2016 GMT
            Not After : Mar 20 14:51:24 2026 GMT

openssl x509 -text -noout -in /config/filestore/files_d/Common_d/trust_certificate_d/\:Common\:dtca.crt_37019_4 | grep -A2 -i validity
        Validity
            Not Before: Mar 22 14:51:23 2016 GMT
            Not After : Mar 20 14:51:23 2026 GMT

What should I do after this time to renew those certificates?
I was search for an install option as "install sys crypto cert..." but I guess it doesn't exist to DSC certificates.
Any help?
Thanks.
KR,
Dario.

niels_van_sluis · Answer

To renew a BIG-IP DSC device certificate, refer to the Resetting the device trust and re-adding a device to the trust domain procedure in the following article:&nbsp;
K13946: Troubleshooting ConfigSync and device service clustering issues (11.x - 13.x)&nbsp;
https://support.f5.com/csp/article/K13946&nbsp;

Forum Discussion

DSC Certificates Renew

Recent Discussions

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

Need Urgent BIGIP Trial License and VM Image

APM for banner and cert

How to Renew F5 Device Certificate

UCS backup not loading Big IP DNS pool

Related Content

AS3 w/ certificates and renewals..

issue with URL after certificate renewal.

Automating ACMEv2 Certificate Management on BIG-IP

Help F5 Transform the BIG-IP Administrator Certification

Automate Let's Encrypt Certificates on BIG-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS