Forum Discussion
Cirrostratussome questions on device Trust Certificate?
Hi Herman2024,
If the certificate is the same, you can delete it, but before saving a UCS, duplication could happen in the bigip_add process if it were executed a couple of times, or maybe someone in your company uploaded the certificate after the bigip_add, but it is a little weird. I recommend you generate new self-signed certificates with the name of the hosts for the LTM and GTM devices to avoid generic certificates with the same name.
CirrostratusHi Sebastiansierra ,thanks a lot for your kind advice. Regarding the question on the duplicate certificates, I have checked the serial numbers of cert, and really there is duplicate cert in Device Trust Certificate list on LTM -- same serial number, and other parameters. Can you please advise the possible cause of duplicate certificates? Thanks in advance!
Hi Herman2024,
If the certificate is the same, you can delete it, but before saving a UCS, duplication could happen in the bigip_add process if it were executed a couple of times, or maybe someone in your company uploaded the certificate after the bigip_add, but it is a little weird. I recommend you generate new self-signed certificates with the name of the hosts for the LTM and GTM devices to avoid generic certificates with the same name.
- Herman2024
Hi Sebastiansierra , thanks a lot for your kind advice. I saw there were two GTM device certificates in LTM Device Trust List, one is old certificate which is already expired. Is this old expired certificate causing ssl certificate verification failure? Thanks again!
Hi Herman2024,
If the certificate is expired, you have to remove it! where did you find this issue? "causing ssl certificate verification failure"