Forum Discussion

rmd1023's avatar
rmd1023
Icon for Nimbostratus rankNimbostratus
Jun 02, 2017

Using the same 3rd party certificate for two devices in a device group?

I currently use self-signed certificates on my cluster of LTMs running 11.5.3. I would like to install 3rd party certificates.

 

If I generate a certificate that has subject alternative names that include the individual hostnames for the two devices as well as the name of the floating IP, can I apply that certificate to both devices? Or will the device group sync have a problem with sharing a cluster with a device that has the same certificate?

 

So if my two devices are "ltm-1.example.com" and "ltm-2.example.com" and the name of the floating IP is "ltm-active.example.com", I'd have a certificate for ltm-active.example.com with ltm-1.example.com and ltm-2.example.com as SANs and I would install the same cert/key pair on both devices.

 

Thanks!

 

  • Kevin_K_51432's avatar
    Kevin_K_51432
    Historic F5 Account

    Greetings!

     

    This article offers some background on the various device certificates. In short, the DSC certificates are different than the Configuration utility certificates. I believe (hope) you are going to be installing the certificate to access the Configuration utility?

     

    https://support.f5.com/csp/article/K15664

     

    Hope this helps! Kevin