Renewing device certificate - safe?

Question

I have an HA pair of Big-Ip 3900's, and the device certificate has expired (self signed)
can I safely renew it without fear of causing any stoppages to the customer facing web applications?&nbsp;
this is version 11.3 so I can make the expiration a 10 year date now...&nbsp;

what_lies_bene1 · Answer

The device certificate doesn't relate to your Virtual Servers and the like so no worries there. However, device group trust relies on it quite heavily so I'd recommend any changes you make are out of hours, or factor in the possibility of re-establishing HA device trusts.&nbsp;

kevin_k_51432 · Answer

Might be helpful to identify which device certificate you're referring to.&nbsp;
If you're referring to the device certificate for UI admin page, that would be here:&nbsp;
/config/httpd/conf/ssl.crt&nbsp;
http://support.f5.com/kb/en-us/solutions/public/7000/700/sol7754.html&nbsp;
As mentioned, this shouldn't affect connectivity through the SSL Virtual Servers. &nbsp;
The device trust certificate for HA would be here: &nbsp;
/config/ssl/ssl.crt/dtca.crt&nbsp;
http://support.f5.com/kb/en-us/solutions/public/13000/900/sol13946.html&nbsp;
It would be best to take a maintenance window if updating these since you have to break the device trust to update them.&nbsp;

jeff_knights_44 · Answer

Thanks! better safe than sorry...&nbsp;

kevin_k_51432 · Answer

Welcome. Just to sharpen this statement a bit:&nbsp;
It would be best to take a maintenance window if updating *the dtca.crt" since you have to break the device trust to update them.&nbsp;

stuart_page_131 · Answer

@Kevin.K
RE: "Might be helpful to identify which device certificate you're referring to.
If you're referring to the device certificate for UI admin page, that would be here:
/config/httpd/conf/ssl.crt"&nbsp;
Is there documentation about how to change the UI admin page certificate only?&nbsp;
Thanks.&nbsp;

Forum Discussion

AppWorld Berlin iRules Contest!

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

Recent Discussions

Related Content

How to Renew F5 Device Certificate

F5 Device Management Certificate renewal

AS3 w/ certificates and renewals..

unsupported certificate error with device certificates

Automating Certificate Management on F5 BIG-IP