Forum Discussion
Update device certificate
I originally configured the device certificate using the "self" option and also created the Device trust using this self-issued certificate on active/standby units.
My company recently implemented a new policy, disallowing all self-issued certificates. I installed a new device certificate (issued by internal CA) and the certificate looks good.
Now when I go to Device Management ›› Device Trust : Local Domain (Version 13.1), under CA Certificate, it shows the "Expiration" date not matching my new certificate or root authority.
What is the CA certificate (under Device Management ›› Device Trust : Local Domain) and what kind of information is displayed here? Is this information linked to the device certificate?
- Anoop
Nimbostratus
Under Device Management ›› Device Trust : Local Domain you would see dtca.crt, which is the CA root certificate for the trust network. The same can be found at /config/ssl/ssl.crt/dtca.crt from the command line. BIG-IP systems use the trust architecture to provide a secure framework for configuration synchronization (ConfigSync) and other high availability (HA) features, such as failover for BIG-IP device groups. When the device group components are properly defined, the device group members establish a secure communication channel using SSL certificates to accommodate device group communication and synchronization. You can visit https://support.f5.com/csp/article/K15664ui for more details.
- computerli
Altostratus
Thanks Anoop for the description, I understand the benefit of the certificate and its usage during communications. My question is specifically related to the CA certificate.
- youssef1
Cumulonimbus
Hello dtn,
You have to change your device certificate. Your new certificate has to be signed by your Internal CA. Please follow these steps:
- Go to Certificate Management : Device Certificate Management : Device Certificate.
- Then click on Renew
- In issuer select "Certificate Authority"
- Then click on Finished
You will obtain a CSR that you will provide to your Internal CA Admin. Once signed, just import it to the same place.
After that your cert will be signed by your internal CA and you will no longer have a certificate error or blocking by your policy.
For information, under Device Management ›› Device Trust : Local Domain, the CA certificate is used for the HA part. It is not there that you manage the SSL certificate of the device.
Keep me in touch if it's ok for you or if you need additional assistance.
Regards
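
To check from the command line what the replies describe, that the Device Trust CA certificate is separate from the device certificate, this added example (not part of any post above) prints subject, issuer and expiry for two PEM files and reports whether one was issued by the other. The device certificate path is whatever you pass in; `make_demo_certs` and its file names are hypothetical and only build constructed sample certificates.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): is a device certificate related to the
# Device Trust CA certificate (dtca.crt), or are the two independent?

# cert_field FILE FIELD: print the subject, issuer or enddate of a PEM certificate.
cert_field() {
    openssl x509 -in "$1" -noout "-$2" | sed 's/^[^=]*=[[:space:]]*//'
}

# compare_certs CERT CA: print both certificates' details on stderr, then print
# "issued-by-ca" if CERT verifies against CA, or "independent" if it does not.
compare_certs() {
    local f
    for f in "$1" "$2"; do
        printf '%s\n  subject: %s\n  issuer:  %s\n  expires: %s\n' "$f" \
            "$(cert_field "$f" subject)" "$(cert_field "$f" issuer)" \
            "$(cert_field "$f" enddate)" >&2
    done
    if openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; then
        echo issued-by-ca
    else
        echo independent
    fi
}

# make_demo_certs DIR: build constructed sample certificates so the check can be
# tried offline. trust-ca.crt stands in for dtca.crt, internal-ca.crt for the
# company CA, and device.crt is a CSR signed by internal-ca (all names made up).
make_demo_certs() {
    local d=$1 ca
    for ca in trust-ca internal-ca; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
            -subj "/CN=constructed-$ca" \
            -keyout "$d/$ca.key" -out "$d/$ca.crt" 2>/dev/null
    done
    openssl req -newkey rsa:2048 -nodes -subj "/CN=constructed-device" \
        -keyout "$d/device.key" -out "$d/device.csr" 2>/dev/null
    openssl x509 -req -in "$d/device.csr" -days 30 -CA "$d/internal-ca.crt" \
        -CAkey "$d/internal-ca.key" -CAcreateserial -out "$d/device.crt" 2>/dev/null
}

# Usage: script DEVICE_CERT [CA_CERT]; CA_CERT defaults to the path given in the thread.
if [ "$#" -ge 1 ]; then
    compare_certs "$1" "${2:-/config/ssl/ssl.crt/dtca.crt}"
fi
```

An "independent" result with differing expiry dates means the two certificates have separate lifecycles, so renewing one does not change the dates shown for the other.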