Forum Discussion
Cirrostratussome questions on device Trust Certificate?
Hi Herman2024,
If the certificate is the same, you can delete it, but before saving a UCS, duplication could happen in the bigip_add process if it were executed a couple of times, or maybe someone in your company uploaded the certificate after the bigip_add, but it is a little weird. I recommend you generate new self-signed certificates with the name of the hosts for the LTM and GTM devices to avoid generic certificates with the same name.
about your questions:
- review the serial number of the certificates. You are probably looking at the certificates from your GTM devices, but the certificate name has never been changed.
- The GTM-DNS stores the LTM-GTM certificates in other locations, you have to go to: DNS > GSLB > Servers > Trusted Server Certificates
I hope this answers your questions.
Herman2024Hi Sebastiansierra ,thanks a lot for your kind advice. Regarding the question on the duplicate certificates, I have checked the serial numbers of cert, and really there is duplicate cert in Device Trust Certificate list on LTM -- same serial number, and other parameters. Can you please advise the possible cause of duplicate certificates? Thanks in advance!
Hi Herman2024,
If the certificate is the same, you can delete it, but before saving a UCS, duplication could happen in the bigip_add process if it were executed a couple of times, or maybe someone in your company uploaded the certificate after the bigip_add, but it is a little weird. I recommend you generate new self-signed certificates with the name of the hosts for the LTM and GTM devices to avoid generic certificates with the same name.
- Herman2024
Hi Sebastiansierra , thanks a lot for your kind advice. I saw there were two GTM device certificates in LTM Device Trust List, one is old certificate which is already expired. Is this old expired certificate causing ssl certificate verification failure? Thanks again!