Forum Discussion
why the device certificate verify failed when the device certificate is not expired?
- Jan 10, 2025
Hello Herman2024 GTM iquery depends upon valid certificates. This reference article Overview of BIG-IP device certificates (11.x - 16.x) will go into details for Trusted Device Certificates as well as Trusted Server Certificates (DNS).
Device Cert Location ---> “Configuration Utility: Device Certificates” (System > Certificate Management > Device Certificate Management > Device Certificate | Device Key
DNS Server Cert Location ---> ” (DNS > GSLB > Servers > Trusted Server Certificates)
Check these stores and ensure there aren't any expired certifications etc.
ThanksJeffrey_Granier I saw there are multiple certificates in other DNS nodes "Device Trust Certificate" with the same serial number. How to verify and confirm whether one client certificate belong to DNS01? I saw the serial number in some certificate is in the format like mac address, don't know what these certificates are. Please advise, thanks in advance!
- Jeffrey_GranierJan 10, 2025
Employee
Hello Herman2024 GTM iquery depends upon valid certificates. This reference article Overview of BIG-IP device certificates (11.x - 16.x) will go into details for Trusted Device Certificates as well as Trusted Server Certificates (DNS).
Device Cert Location ---> “Configuration Utility: Device Certificates” (System > Certificate Management > Device Certificate Management > Device Certificate | Device Key
DNS Server Cert Location ---> ” (DNS > GSLB > Servers > Trusted Server Certificates)
Check these stores and ensure there aren't any expired certifications etc.
- Herman2024Jan 14, 2025
Cirrostratus
Hi Jeffrey_Granier , thanks a lot for your kind advice! Our device certificats and trust certificates seem not expire, so what next step I should do is to restart big3d on local DNS/gtm and gtmd on remote DNS/gtm, right? please advise, thanks.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com