Forum Discussion
How to deploy certificates with BIG-IQ
- Nov 09, 2022
I found the solution in the meanwhile. The missing piece were the "Pinning Policies" under "Configuration -> Local Traffic". Here you need to assign your newly created items to one or several BIG-IP devices. This also works fine for simply the certificate file itself. No need to create any additional clientSSL profile.
Once pinned, you can create a Deployment with "Source Scope: Partial Changes" and select the newly created certificate. If you now click on "Find Relavant Devices" all BIG-IP devices will be displayed, where you previously pinned the new certificate. After executing the Deployment the certificate is part of the local configuration of all selected BIG-IP devices.
These steps are also required for any other configuration items created on the BIG-IQ. Before deploying them to the required BIG-IP devices, it needs to be pinned first to them.
Thanks anyway!
Regards Stefan 🙂
I found the solution in the meanwhile. The missing piece were the "Pinning Policies" under "Configuration -> Local Traffic". Here you need to assign your newly created items to one or several BIG-IP devices. This also works fine for simply the certificate file itself. No need to create any additional clientSSL profile.
Once pinned, you can create a Deployment with "Source Scope: Partial Changes" and select the newly created certificate. If you now click on "Find Relavant Devices" all BIG-IP devices will be displayed, where you previously pinned the new certificate. After executing the Deployment the certificate is part of the local configuration of all selected BIG-IP devices.
These steps are also required for any other configuration items created on the BIG-IQ. Before deploying them to the required BIG-IP devices, it needs to be pinned first to them.
Thanks anyway!
Regards Stefan 🙂
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com