Forum Discussion

Jeff_Knights_44's avatar
Jeff_Knights_44
Icon for Nimbostratus rankNimbostratus
Nov 06, 2013

Renewing device certificate - safe?

I have an HA pair of Big-Ip 3900's, and the device certificate has expired (self signed) can I safely renew it without fear of causing any stoppages to the customer facing web applications?   this...
Kevin_K_51432's avatar
Kevin_K_51432
Historic F5 Account
Nov 06, 2013

Might be helpful to identify which device certificate you're referring to.

 

If you're referring to the device certificate for UI admin page, that would be here:

 

/config/httpd/conf/ssl.crt

 

http://support.f5.com/kb/en-us/solutions/public/7000/700/sol7754.html

 

As mentioned, this shouldn't affect connectivity through the SSL Virtual Servers.

 

The device trust certificate for HA would be here:

 

/config/ssl/ssl.crt/dtca.crt

 

http://support.f5.com/kb/en-us/solutions/public/13000/900/sol13946.html

 

It would be best to take a maintenance window if updating these since you have to break the device trust to update them.