Purpose of the f5_api_com certificate?

Hi Jonathancert , thanks for writing in. What you experienced isn't a fluke, and that is the expected behaviour. An expired f5_api_com.crt SSL certificate can impact certain functionalities of the BIG-IP system, and the behaviour you experienced when upgrading is consistent with how the system interacts with F5 services. Here's an explanation:

1. Purpose of the f5_api_com.crt Certificate

The f5_api_com.crt certificate is critical for the BIG-IP system to securely communicate with F5's API services and primarily used for license validation. When performing tasks like software upgrades or license renewals, the BIG-IP system may contact F5's API servers for license verification and activation. The f5_api_com.crt ensures that this communication is secure and authenticated.

2. Impact of an Expired f5_api_com.crt Certificate

When the f5_api_com.crt certificate expires, the BIG-IP system may face issues establishing secure communication with F5's API servers. The most likely consequences include:

a) License Validation Errors- Software upgrades, especially major version upgrades like from 16.x to 17.x, often require license verification with the F5 license servers. If the expired f5_api_com.crt certificate prevents the BIG-IP system from securely connecting to the F5 licensing API, the process will fail, resulting in errors like "license validation errors" or "license check failed".
Once the certificate is updated, the system can establish secure communication, resolve the licensing issue, and proceed with the upgrade.

Hope that answers your query. 

Cheers,
Mo