Renewing device certificate - safe?

The device certificate doesn't relate to your Virtual Servers and the like so no worries there. However, device group trust relies on it quite heavily so I'd recommend any changes you make are out of hours, or factor in the possibility of re-establishing HA device trusts.

Might be helpful to identify which device certificate you're referring to.

If you're referring to the device certificate for UI admin page, that would be here:

/config/httpd/conf/ssl.crt

http://support.f5.com/kb/en-us/solutions/public/7000/700/sol7754.html

As mentioned, this shouldn't affect connectivity through the SSL Virtual Servers.

The device trust certificate for HA would be here:

/config/ssl/ssl.crt/dtca.crt

http://support.f5.com/kb/en-us/solutions/public/13000/900/sol13946.html

It would be best to take a maintenance window if updating these since you have to break the device trust to update them.

Thanks! better safe than sorry...

Welcome. Just to sharpen this statement a bit:

It would be best to take a maintenance window if updating *the dtca.crt" since you have to break the device trust to update them.

@Kevin.K RE: "Might be helpful to identify which device certificate you're referring to. If you're referring to the device certificate for UI admin page, that would be here: /config/httpd/conf/ssl.crt"

Is there documentation about how to change the UI admin page certificate only?

Thanks.

Hi Stuart, Both of these offer the steps. First SOL is probably the easiest, but the second offers a bit more detail:

http://support.f5.com/kb/en-us/solutions/public/9000/100/sol9114.html?sr=34936322

http://support.f5.com/kb/en-us/solutions/public/7000/700/sol7754.html?sr=34936362

Kevin