Forum Discussion

teemo_13's avatar
teemo_13
Icon for Cirrus rankCirrus
Jan 11, 2023
Solved

Device certificate Issuer and other information not updating on the browser's certificate details

We recently updated a device certificate on an F5 device but we encounted lost access on the GUI after the device cert application. We stumble upon this article https://support.f5.com/csp/article/K52731589 and did the steps on there.

After leaving everything in default and restarting HTTPD, the access on the GUI worked again. Now the problem is this,
We managed to make the certificate import work but only the information on the System>Certificate Management>Device certificate is updating. When we check the browser, we see this below



My question is how can we update the info on the browser as well? Or how can we revert the changes to it?

 

  • Hi guys, this has been fixed. internal CA provided a faulty certificate. Fixed after getting new cert. Thanks!

8 Replies

  • Hi guys, this has been fixed. internal CA provided a faulty certificate. Fixed after getting new cert. Thanks!

  • I have not used the method in the link that you provided but I have used the process in the following link starting at section "Replace the BIG-IP system self-signed device certificate" which should produce the correct results for you. Please make sure to backup your two files that you are replacing before you replace them.

    https://support.f5.com/csp/article/K42531434

    teemo_13

    • teemo_13's avatar
      teemo_13
      Icon for Cirrus rankCirrus

      Hi thanks for your reply. Will this work with a cert given by an internal CA? not 3rd Party CA.

      • Paulius's avatar
        Paulius
        Icon for MVP rankMVP

        This will work with any CA as long as the cert and key match. You will still receive the warning in your browser when you attempt to connect but if you import the internal CA cert it will no longer receive that error assuming you connect using the CN in the SSL cert.

  • what the browser shows is the info you provided when you typed the command F5 suggested:

    openssl req -new -x509 -key ../ssl.key/server.key -days <# of days> -out server.crt

    what specifically you'd like to update in the browser?

     

    If you've already replaced the cert with the Linux command in the article you've already replaced the old cert. Unless you backed it up, I think it's gone. 

    • teemo_13's avatar
      teemo_13
      Icon for Cirrus rankCirrus

      I only did the recommendation on the article to regain access to the GUI. I have a backup of the device cert but when I import it, the browser still shows the same as the screenshot above. 

      what specifically you'd like to update in the browser?

      -I would like to see matching details on the F5 Device cert page and the browser's. As of now they are not the same.