
Replace BIG IP self signed device certificate with CA signed device certificate

Ajeet_Gupta
Nimbostratus

Hi Guys,

 

We have LTM, DNS, and Viprion hosts and guests on which the running device certificates are self-signed. We have to replace all of these self-signed device certificates with CA-signed device certificates. We already have a CA which can provide certificates after raising a CSR. I'm looking for best practices to renew/replace them with minimum service impact. The LTMs are communicating with DNS via iQuery as well.

 

Your valuable response is highly appreciated.

 

Thank You

 

Regards

Ajeet Gupta

1 REPLY

Grumpy_Cat
Cirrus

Hi Ajeet,

 

This article covers how to replace the default device cert with a CA signed cert:

https://support.f5.com/csp/article/K42531434#replace

It covers iQuery comms as well. It's the same process, where you'll need to add the new cert into their trusted device certs, either using the bigip_add script or manually importing via TMUI.

 

Make sure the new SSL cert is not a wildcard, otherwise comms will fail.

 

Let me know if you need anything else.

 

Kind regards

Ben
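
The two conditions raised in this thread (the replacement cert must be CA signed rather than self signed, and must not be a wildcard) can be checked with openssl before the cert is installed. The script below is an added example, not part of the thread or of F5's article; the function names, return codes and file names are assumptions, and "self signed" is approximated as subject equal to issuer.

```shell
#!/bin/sh
# Added example: pre-install check for a replacement device certificate.
# Return codes: 0 ok, 1 wildcard name, 2 self-signed, 3 not a PEM certificate.
check_device_cert() {
    cert=$1
    openssl x509 -in "$cert" -noout >/dev/null 2>&1 || return 3

    # RFC2253 output gives a stable "CN=value,..." layout to compare and match.
    subject=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253 |
        sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$cert" -noout -issuer -nameopt RFC2253 |
        sed 's/^issuer= *//')

    # Wildcard in the subject CN or in any subjectAltName DNS entry.
    case $subject in *'CN=*.'*) return 1 ;; esac
    if openssl x509 -in "$cert" -noout -text | grep -q 'DNS:\*\.'; then
        return 1
    fi

    # Identical subject and issuer means the certificate is self-issued.
    [ "$subject" = "$issuer" ] && return 2
    return 0
}

# Constructed sample input: issue a throwaway certificate for subject $1 into
# directory $2, signed by a test CA created there. $3 is an optional SAN value.
make_sample_cert() {
    dir=$2
    [ -f "$dir/key.pem" ] || openssl genrsa -out "$dir/key.pem" 2048 2>/dev/null
    [ -f "$dir/ca.pem" ] || openssl req -x509 -new -key "$dir/key.pem" \
        -subj "/CN=Constructed Test CA" -days 1 -out "$dir/ca.pem"
    openssl req -new -key "$dir/key.pem" -subj "/CN=$1" -out "$dir/req.pem"
    printf 'subjectAltName=%s\n' "${3:-DNS:$1}" > "$dir/ext.cnf"
    openssl x509 -req -in "$dir/req.pem" -CA "$dir/ca.pem" \
        -CAkey "$dir/key.pem" -CAcreateserial -days 1 \
        -extfile "$dir/ext.cnf" -out "$dir/cert.pem" 2>/dev/null
}
```

Run `check_device_cert` against the cert returned by the CA and inspect `$?`; the subjectAltName check matters because a cert can carry a specific CN and still include a wildcard DNS entry.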