Forum Discussion
why the device certificate verify failed when the device certificate is not expired?
- Jan 10, 2025
Hello Herman2024 GTM iquery depends upon valid certificates. This reference article Overview of BIG-IP device certificates (11.x - 16.x) will go into details for Trusted Device Certificates as well as Trusted Server Certificates (DNS).
Device Cert Location ---> “Configuration Utility: Device Certificates” (System > Certificate Management > Device Certificate Management > Device Certificate | Device Key
DNS Server Cert Location ---> ” (DNS > GSLB > Servers > Trusted Server Certificates)
Check these stores and ensure there aren't any expired certifications etc.
ThanksJeffrey_Granier I saw there are multiple certificates in other DNS nodes "Device Trust Certificate" with the same serial number. How to verify and confirm whether one client certificate belong to DNS01? I saw the serial number in some certificate is in the format like mac address, don't know what these certificates are. Please advise, thanks in advance!
Hello Herman2024 GTM iquery depends upon valid certificates. This reference article Overview of BIG-IP device certificates (11.x - 16.x) will go into details for Trusted Device Certificates as well as Trusted Server Certificates (DNS).
Device Cert Location ---> “Configuration Utility: Device Certificates” (System > Certificate Management > Device Certificate Management > Device Certificate | Device Key
DNS Server Cert Location ---> ” (DNS > GSLB > Servers > Trusted Server Certificates)
Check these stores and ensure there aren't any expired certifications etc.
- Herman2024Jan 14, 2025
Cirrostratus
Hi Jeffrey_Granier , thanks a lot for your kind advice! Our device certificats and trust certificates seem not expire, so what next step I should do is to restart big3d on local DNS/gtm and gtmd on remote DNS/gtm, right? please advise, thanks.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com