Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 
Custom Alert Banner

Device certificate Issuer and other information not updating on the browser's certificate details

teemo_13
Cirrus
Cirrus

We recently updated a device certificate on an F5 device but we encounted lost access on the GUI after the device cert application. We stumble upon this article https://support.f5.com/csp/article/K52731589 and did the steps on there.

After leaving everything in default and restarting HTTPD, the access on the GUI worked again. Now the problem is this,
We managed to make the certificate import work but only the information on the System>Certificate Management>Device certificate is updating. When we check the browser, we see this below

Joven_1-1673452997483.png

My question is how can we update the info on the browser as well? Or how can we revert the changes to it?

 

1 ACCEPTED SOLUTION

teemo_13
Cirrus
Cirrus

Hi guys, this has been fixed. internal CA provided a faulty certificate. Fixed after getting new cert. Thanks!

View solution in original post

8 REPLIES 8

Paulius
MVP
MVP

I have not used the method in the link that you provided but I have used the process in the following link starting at section "Replace the BIG-IP system self-signed device certificate" which should produce the correct results for you. Please make sure to backup your two files that you are replacing before you replace them.

https://support.f5.com/csp/article/K42531434

@teemo_13

Hi thanks for your reply. Will this work with a cert given by an internal CA? not 3rd Party CA.

This will work with any CA as long as the cert and key match. You will still receive the warning in your browser when you attempt to connect but if you import the internal CA cert it will no longer receive that error assuming you connect using the CN in the SSL cert.

what the browser shows is the info you provided when you typed the command F5 suggested:

openssl req -new -x509 -key ../ssl.key/server.key -days <# of days> -out server.crt

what specifically you'd like to update in the browser?

 

If you've already replaced the cert with the Linux command in the article you've already replaced the old cert. Unless you backed it up, I think it's gone. 

I only did the recommendation on the article to regain access to the GUI. I have a backup of the device cert but when I import it, the browser still shows the same as the screenshot above. 

what specifically you'd like to update in the browser?

-I would like to see matching details on the F5 Device cert page and the browser's. As of now they are not the same.

did you restart httpd after the changes?

tmsh restart /sys service httpd

Yes, i restarted HTTPD. also cleared cached of the browser as well. Still getting the same.

teemo_13
Cirrus
Cirrus

Hi guys, this has been fixed. internal CA provided a faulty certificate. Fixed after getting new cert. Thanks!