Forum Discussion

  • Kevin_K_51432's avatar
    Kevin_K_51432
    Historic F5 Account

    Hi Stuart, Both of these offer the steps. First SOL is probably the easiest, but the second offers a bit more detail:

     

    http://support.f5.com/kb/en-us/solutions/public/9000/100/sol9114.html?sr=34936322

     

    http://support.f5.com/kb/en-us/solutions/public/7000/700/sol7754.html?sr=34936362

     

    Kevin

     

  • @Kevin.K RE: "Might be helpful to identify which device certificate you're referring to. If you're referring to the device certificate for UI admin page, that would be here: /config/httpd/conf/ssl.crt"

     

    Is there documentation about how to change the UI admin page certificate only?

     

    Thanks.

     

  • Kevin_K_51432's avatar
    Kevin_K_51432
    Historic F5 Account

    Welcome. Just to sharpen this statement a bit:

     

    It would be best to take a maintenance window if updating *the dtca.crt" since you have to break the device trust to update them.

     

  • Kevin_K_51432's avatar
    Kevin_K_51432
    Historic F5 Account

    Might be helpful to identify which device certificate you're referring to.

     

    If you're referring to the device certificate for UI admin page, that would be here:

     

    /config/httpd/conf/ssl.crt

     

    http://support.f5.com/kb/en-us/solutions/public/7000/700/sol7754.html

     

    As mentioned, this shouldn't affect connectivity through the SSL Virtual Servers.

     

    The device trust certificate for HA would be here:

     

    /config/ssl/ssl.crt/dtca.crt

     

    http://support.f5.com/kb/en-us/solutions/public/13000/900/sol13946.html

     

    It would be best to take a maintenance window if updating these since you have to break the device trust to update them.

     

  • The device certificate doesn't relate to your Virtual Servers and the like so no worries there. However, device group trust relies on it quite heavily so I'd recommend any changes you make are out of hours, or factor in the possibility of re-establishing HA device trusts.