Replace BIG IP self signed device certificate with CA signed device certificate

Question

Hi Guys,&nbsp;We have LTM, DNS, Viprion Hosts and Guests in which running device certificates are self signed. We have to replace these all self signed device certificate with CA signed device certificate. We have already CA which can provide certificates after raising CSR. I'm looking for best practices to renew/replace with minimum service impacts. LTMs and communicating with DNS via iQuery as well. &nbsp;Your valuable response is highly appreciated.&nbsp;Thank You &nbsp;Regards Ajeet Gupta

grumpy_cat · Answer

Hi Ajeet,&nbsp;This article covers how to replace the default device cert with a CA signed cert:https://support.f5.com/csp/article/K42531434#replaceCovers iQuery comms as well. It's the same process where you'll need to add the new cert into their trusted device cert either using the bigip_add script or manually importing via TMUI.&nbsp;Make sure the new SSL cert is not a wildcard otherwise comms will fail.&nbsp;Let me know if you need anything else.&nbsp;Kind regardsBen

Forum Discussion

Replace BIG IP self signed device certificate with CA signed device certificate

1 Reply

Welcome! a la Communidad DevCentral LATAM de F5!

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

Recent Discussions

Entra ID F5 APM MDM Intune integration compliance check

Replacing i2800 pair with new F5-BIG-AFM-r2800

Unable to download files greater than 4GB. Running version 15.1.5.1

Efficient Method to Compare F5 Configurations

F5 Big-IQ read-only API username creation.

Related Content

Automating ACMEv2 Certificate Management on BIG-IP

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

Re: Management Certificate

Automate Let's Encrypt Certificates on BIG-IP

Updating SSL Certificates on BIG-IP using REST API

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS