Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

Device certificate Issuer and other information not updating on the browser's certificate details

Go to solution
teemo_13
Cirrus
Cirrus

‎11-Jan-2023 11:57

We recently updated a device certificate on an F5 device but we encounted lost access on the GUI after the device cert application. We stumble upon this article https://support.f5.com/csp/article/K52731589 and did the steps on there.

After leaving everything in default and restarting HTTPD, the access on the GUI worked again. Now the problem is this,
We managed to make the certificate import work but only the information on the System>Certificate Management>Device certificate is updating. When we check the browser, we see this below

Joven_1-1673452997483.png

My question is how can we update the info on the browser as well? Or how can we revert the changes to it?

 

Labels:
0 Kudos
1 ACCEPTED SOLUTION

Go to solution
teemo_13
Cirrus
Cirrus

‎12-Jan-2023 00:20

Hi guys, this has been fixed. internal CA provided a faulty certificate. Fixed after getting new cert. Thanks!

View solution in original post

8 REPLIES 8

Go to solution
Paulius
MVP
MVP

‎11-Jan-2023 12:09

I have not used the method in the link that you provided but I have used the process in the following link starting at section "Replace the BIG-IP system self-signed device certificate" which should produce the correct results for you. Please make sure to backup your two files that you are replacing before you replace them.

https://support.f5.com/csp/article/K42531434

@teemo_13

0 Kudos

Go to solution
teemo_13
Cirrus
Cirrus
In response to Paulius

‎11-Jan-2023 17:35

Hi thanks for your reply. Will this work with a cert given by an internal CA? not 3rd Party CA.

0 Kudos

Go to solution
Paulius
MVP
MVP
In response to teemo_13

‎11-Jan-2023 21:17

This will work with any CA as long as the cert and key match. You will still receive the warning in your browser when you attempt to connect but if you import the internal CA cert it will no longer receive that error assuming you connect using the CN in the SSL cert.

0 Kudos

Go to solution
Rodrigo_Albuque
MVP
MVP

‎11-Jan-2023 19:32 - edited ‎11-Jan-2023 19:32

what the browser shows is the info you provided when you typed the command F5 suggested:

openssl req -new -x509 -key ../ssl.key/server.key -days <# of days> -out server.crt

what specifically you'd like to update in the browser?

 

If you've already replaced the cert with the Linux command in the article you've already replaced the old cert. Unless you backed it up, I think it's gone. 

0 Kudos

Go to solution
teemo_13
Cirrus
Cirrus
In response to Rodrigo_Albuque

‎11-Jan-2023 19:37

I only did the recommendation on the article to regain access to the GUI. I have a backup of the device cert but when I import it, the browser still shows the same as the screenshot above. 

what specifically you'd like to update in the browser?

-I would like to see matching details on the F5 Device cert page and the browser's. As of now they are not the same.

0 Kudos

Go to solution
Rodrigo_Albuque
MVP
MVP
In response to teemo_13

‎11-Jan-2023 19:41

did you restart httpd after the changes?

tmsh restart /sys service httpd

0 Kudos

Go to solution
teemo_13
Cirrus
Cirrus
In response to Rodrigo_Albuque

‎11-Jan-2023 19:44

Yes, i restarted HTTPD. also cleared cached of the browser as well. Still getting the same.

0 Kudos

Go to solution
teemo_13
Cirrus
Cirrus

‎12-Jan-2023 00:20

Hi guys, this has been fixed. internal CA provided a faulty certificate. Fixed after getting new cert. Thanks!

Copyright © 2023 Khoros, LLC