Replacing the Configuration utility's self-signed device certificate with a CA-signed Certificate

Question

Hi,As part of vulnerability scan open point in our environment, there is one open point to "install a server certificate signed by a trusted third-party Certificate Authority".Please let me know the configuration steps required to replace configuration utility's self-signed device certificate with a CA-signed Certificate.&nbsp;

kevin_stewart · Answer

https://techdocs.f5.com/en-us/bigip-15-1-0/big-ip-digital-certificates-administration/device-certificate-management.html
&nbsp;

paulius · Answer

If you are referring to the SSL cert that is used when logging into the GUI I believe the following article is what you are looking for. It is important that you create a backup of the SSL cert and key before changing them which can by done by typing the following.

cd /config/httpd/conf/ssl.crt/server.crt
cp server.crt server.crt.bak

cd /config/httpd/conf/ssl.key/server.key
cp server.key server.key.bak

https://support.f5.com/csp/article/K42531434#replace

Forum Discussion

Replacing the Configuration utility's self-signed device certificate with a CA-signed Certificate

Recent Discussions

ip x-forwarding

ports are showing open on online scanning tool

Upgrade F5 BIGIP

DNS HM Probe issue

Is XFF a must for ASM WAF DoS

Related Content

Certificate Expiry Email alert configuration

Re: Management Certificate

My Security+ Certification Journey

Multiple Ways to Configure Usage Reporting in NGINX

Certifications for security professionals

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS