Forum Discussion
How to deploy certificates with BIG-IQ
- Nov 09, 2022
I found the solution in the meanwhile. The missing piece were the "Pinning Policies" under "Configuration -> Local Traffic". Here you need to assign your newly created items to one or several BIG-IP devices. This also works fine for simply the certificate file itself. No need to create any additional clientSSL profile.
Once pinned, you can create a Deployment with "Source Scope: Partial Changes" and select the newly created certificate. If you now click on "Find Relavant Devices" all BIG-IP devices will be displayed, where you previously pinned the new certificate. After executing the Deployment the certificate is part of the local configuration of all selected BIG-IP devices.
These steps are also required for any other configuration items created on the BIG-IQ. Before deploying them to the required BIG-IP devices, it needs to be pinned first to them.
Thanks anyway!
Regards Stefan 🙂
Hi Stefan_Klotz ,
I have not worked with BigIQ before , but maybe there is missing configuration , Please check the below Article https://techdocs.f5.com/en-us/bigiq-8-0-0/managing-big-ip-devices-from-big-iq/ssl-certificates.html
I think you need this section :
Dear Mohamed,
thanks for your response. As already mentioned the certificate is already managed! But if I check your link again, it seems I need a clientSSL profile. I'll try to make a "dummy" profile and check if this will work then and if this way makes sense to our setup at all.
Regards Stefan 🙂
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com