Forum Discussion
NimbostratusiQuery issue due to certificate exchange between GTM
Hi,
I am facing an issue in GTM. servers at my backup side data center GTM is showing down. same status at primary data center GTM. while all GTM and LTM is up also telnet is happening on port 4353. when I saw in GTM logs, found an error like " certificate exchange error" . as per F5 representative, all GTM and LTM devices having same common name under device self certificate hence certificate exchange will be a challenge. however this setup has been working for one year almost.but due to some network issue backup data center wen down and then issue started.
if issue is really due to same common name then I will have to renew self sign certificate from all the devices and need to exchange with bigip_add command right? but how much time approximately f5 will take when renewing the certificate and then exchanging between GTM to GTM?
will appreciate for a quick reply as it is bit urgent.
Regards Prak
3 Replies
Harry1Hi,
could anybody please help here?
IainThomson85_1Cumulonimbus
As a general rule, I don't think your devices should have the same name. Of course they can share the same Domain certificate.
First things to check. before it is common name related, make sure NTP etc is all ok, and simple things like sharing the same versions.
Once thats done - You may want to run the gtm_add script (there's a solutions article on the topic) to add devices to the cluster with the most up to date configuration.
Vijay_ECirrus
This is a good SOL13690 article. When you run the gtm_add command, it should synchronize within a minute or so. You may have to add the bigip_add or big3d_install command depending on your infrastructure situation. I would recommend reading the solution article as the 1st step to make sure your set up is good.
