How to Renew F5 Device Certificate

Hi, thanks for the reply, it helps me too.

Hi F5_Design_Engineer Aswin_mk Thanks for the detailed info ....

I just want to understand if we really need to renew this Device certificate ? 

In our infra I have seen all of our F5 devices have expired device certificate ..

Since we are accessing the device with IP address instead of Hostname ? That could be the reason ?

Hi Blue_whale ,

In case you don't want to follow CLI steps, here are simple steps you can follows to achieve the same 

Renewing an F5 device certificate involves a few steps.

Here's a general procedure I follow:

Access the Certificate Management Interface:

Navigate to System > Certificate Management > Device Certificate Management.
Select the Certificate:

Find the certificate you want to renew (in this case, server.crt).
Renew the Certificate:

Click on the certificate and look for an option to Renew. If this option is available, you can proceed with it. This will typically generate a new certificate with an updated expiry date.
Generate a New Certificate (if renewal option is not available):

If there is no direct renew option, you might need to generate a new self-signed certificate.

Here’s how:
Go to System > Certificate Management > Device Certificate Management.
Click on Create.
Fill in the required details (Common Name, Organization, etc.).
Set the validity period (e.g., 1 year, 2 years).
Click Finished to generate the new certificate.
Assign the New Certificate:

Once the new certificate is created, you need to assign it to the relevant services or devices.
Verify the Certificate:

Ensure that the new certificate is correctly installed and that the services are running without any issues.

Remember to back up your current certificate and configuration before making any changes, just in case you need to revert.

Hello Blue_whale 

Please go through the KB - Updating a self-signed SSL device certificate on a BIG-IP system

BR
Aswin