Impact of client.crt and server.crt expiration

Question

My device is currently running on L4 A-S.

The client.crt and server.crt expire in 2027.05.

DTDI and DTCA expire in 2035.

1. If client.crt and server.crt expire, will it affect HA or config sync?

2. If I need to update, I'll do it via CLI. Will it affect HA and config sync? I'm wondering if I need to set up new redundancy or reboot, or anything like that.

This is a very sensitive service, so there may not be a maintenance window, so I wanted to notify you in advance.

joselabra · Answer

Hiii JJ
&nbsp;
If the certificate expire, dont have impact into the operation, but will prevent adding new devices into device trust.
&nbsp;
Check the this article&nbsp;
https://my.f5.com/manage/s/article/K47052252
&nbsp;
Best RegardsJosé Labra.

kerry · Answer

all members in a cluster needs server certificates, and their CA/INT cert's also loaded. if the certs are not on all members the Sync will fail, no impacts on the VS's and traffic passing though it, If you are using GTM/DNS wideIP pools, then the certs also need updating in GTM so GTM and see all the thus expect to load each updated Certs 2-3 times on all F5's, Some devices certificates are no Synced in clusters

K16951115

Forum Discussion

Impact of client.crt and server.crt expiration

2 Replies

ICYMI - Steve Wozniak at AppWorld 2026

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Forward proxy with SSL passthrough - SWG license required?

Need step-by-step guidance for migrating BIG-IP i2800 WAF to rSeries (UCS restore vs clean build)

Use F5 APM as Forward Proxy

LB Connection Limit Detection Method

Connections appear not to use Persistence

Related Content

Cache Expire

Identify and cleanse expired and soon to expire certs from BIG-IP

LTM Certificate expire

SSL Cert expiration Tracker

Expired ssl warning

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS