Forum Discussion

Altostratus

Aug 29, 2022

LTM HA Pair SSL Certs

Hi all, I have an LTM HA pair and I have been renewing the client certs on each when the certs are expiring. My question is do I need to do this to each of the pair? I have been renewing and getti...

Security

CA_Valli
Aug 30, 2022
Hello, client certificate repository is syncronized in a HA cluster so if you need to renew client certificate you can just do it on one unit and then perform config sync. Usually, import new key first and then import new certificate. If you're creating a new object, you will also need to modify clientSSL profiles and refer the new certificate/key pair and eventually new trust chain as well.
Mohamed_Salah_
Aug 30, 2022
Hello,
Sorry, I though he was asking about the device certificate itself. For the client ceritificate for any service, it can be synced betwen the HA pair as CA_Valli mentioned.

John_Van_Zant

Altostratus

Aug 30, 2022

Thank you both for you comments. I renewed certs on both and noticed (for the first time) that the csr's were identical, but your comments have cemented the idea. Thank you again.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

LTM HA Pair SSL Certs

Recent Discussions

Irules Editor

SSL Server Profile

VAPT or APT tools scan prevention

High CPU utilization (100%).

BigIP LTM update from v16 to v17

Related Content

Kubernetes cert-manager + LetsEncrypt + F5

LTM Device Cert different to HTTPS cert

BigIP 11.3 LTM Pair not Clustering into HA

Import SSL Cert

Help with IRule Client Auth Certs

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS