Forum Discussion

Blue_whale's avatar
Blue_whale
Icon for Cirrocumulus rankCirrocumulus
Mar 17, 2025

How to Renew F5 Device Certificate

Hi Team , 

We have self-signed device certificate which is going to expire soon. Can you please let me know if I can click on renew and update the expiry date ? 

Please let me know the correct procedure to renew the device certificate .

System  ››  Certificate Management : Device Certificate Management : Device Certificate  ››  server.crt

application delivery
bigip
Certifiacte
device certificate
security
ssl

6 Replies

Sort By
  • F5_Design_Engineer's avatar
    F5_Design_Engineer
    Icon for MVP rankMVP
    Mar 19, 2025

    Hi Blue_whale ,

    In case you don't want to follow CLI steps, here are simple steps you can follows to achieve the same 

    Renewing an F5 device certificate involves a few steps.

    Here's a general procedure I follow:

    Access the Certificate Management Interface:

    Navigate to System > Certificate Management > Device Certificate Management.
    Select the Certificate:

    Find the certificate you want to renew (in this case, server.crt).
    Renew the Certificate:

    Click on the certificate and look for an option to Renew. If this option is available, you can proceed with it. This will typically generate a new certificate with an updated expiry date.
    Generate a New Certificate (if renewal option is not available):

    If there is no direct renew option, you might need to generate a new self-signed certificate.

    Here’s how:
    Go to System > Certificate Management > Device Certificate Management.
    Click on Create.
    Fill in the required details (Common Name, Organization, etc.).
    Set the validity period (e.g., 1 year, 2 years).
    Click Finished to generate the new certificate.
    Assign the New Certificate:

    Once the new certificate is created, you need to assign it to the relevant services or devices.
    Verify the Certificate:

    Ensure that the new certificate is correctly installed and that the services are running without any issues.

    Remember to back up your current certificate and configuration before making any changes, just in case you need to revert.

  • Blue_whale's avatar
    Blue_whale
    Icon for Cirrocumulus rankCirrocumulus
    Mar 20, 2025

    Hi F5_Design_Engineer Aswin_mk Thanks for the detailed info ....

    I just want to understand if we really need to renew this Device certificate ? 

    In our infra I have seen all of our F5 devices have expired device certificate ..

    Since we are accessing the device with IP address instead of Hostname ? That could be the reason ?

     

     

    • F5_Design_Engineer's avatar
      F5_Design_Engineer
      Icon for MVP rankMVP
      Mar 24, 2025

      you will get a certificate error when you use an IP address only for MGMT access not using FQDN name.

      Its your choice how you access your devices in your environment.

      With IP or with FQDN then you need a valid device certificate not to get the cert error, else it ill keep giving cert expired error at the time of device access.

  • Teerarat's avatar
    Teerarat
    Icon for Cirrostratus rankCirrostratus
    Mar 21, 2025

    Hi Blue Whale,

    I would like to provide step below,

    1. Go to GUI > System ›› Certificate Management: Device Certificate Management: Device Certificate 

    2. Click Renew button and update information

    3. Click Finished button

    4. Waiting few minute

    5. The system updated date on self-certificate

    Please refer link below for more details,

    Renew F5 Self Device Certificate - THARMADE