Replace BIG IP self signed device certificate with CA signed device certificate

Question

Hi Guys,&nbsp;We have LTM, DNS, Viprion Hosts and Guests in which running device certificates are self signed. We have to replace these all self signed device certificate with CA signed device certificate. We have already CA which can provide certificates after raising CSR. I'm looking for best practices to renew/replace with minimum service impacts. LTMs and communicating with DNS via iQuery as well. &nbsp;Your valuable response is highly appreciated.&nbsp;Thank You &nbsp;Regards Ajeet Gupta

grumpy_cat · Answer

Hi Ajeet,&nbsp;This article covers how to replace the default device cert with a CA signed cert:https://support.f5.com/csp/article/K42531434#replaceCovers iQuery comms as well. It's the same process where you'll need to add the new cert into their trusted device cert either using the bigip_add script or manually importing via TMUI.&nbsp;Make sure the new SSL cert is not a wildcard otherwise comms will fail.&nbsp;Let me know if you need anything else.&nbsp;Kind regardsBen

Forum Discussion

Replace BIG IP self signed device certificate with CA signed device certificate

1 Reply

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

Re: Management Certificate

Automate Let's Encrypt Certificates on BIG-IP

Automating ACMEv2 Certificate Management on BIG-IP

My Security+ Certification Journey

Certifications for security professionals