device certificate
8 Topics

What Certificates should be where? GSLB Trust Certificates vs Device Trusted Certificates
Hi All, My setup consists of two DCs with two GTMs (Active/Standby) and two LTMs (Active/Standby) in each DC. Within the GSLB Trusted Certificate Store, there are certs for each other's devices, which I believe is the correct setup. (Each device has 8 certs, of its other devices)… However I am not sure about what should be in the "System - Certificate Management - Device Certificate Management - Device Trust Certificates" store. (This is a bit of a mess, some devices have each other's, some don't etc. Would like to have this cleaned up.) For ease of description I will refer to the items as follows:
DC1GTMA - DC1 Active GTM
DC1GTMS - DC1 Standby GTM
DC1LTMA - DC1 Active LTM
DC1LTMS - DC1 Standby LTM
DC2GTMA - DC2 Active GTM
DC2GTMS - DC2 Standby GTM
DC2LTMA - DC2 Active LTM
DC2LTMS - DC2 Standby LTM
The four GTMs are in a device sync group "DNS - Settings - GSLB - General"... so when you make a change on one GTM, it's replicated across all of them. Would this come under IQUERY and thus come under the GSLB Trusted Certificate store, or is this under the Device Trust Store? Hope the above makes sense. Thanks
78 Views, 0 likes, 2 Comments

F5 Device Certificate renewal process on Active and Standby devices
Hi Team, The SSL certificates on the load balancers we manage (both Active and Passive) are set to expire in July. Could you please share the recommended steps to renew them correctly and ensure a smooth implementation without any service impact?
Certificate Expiry Details
Active Load Balancer: Expires on July 26th, 2025
Passive Load Balancer: Expires on July 27th, 2025
Please note that in our case, both load balancers are using different certificates.
147 Views, 0 likes, 4 Comments

How to Renew F5 Device Certificate
Hi Team, We have a self-signed device certificate which is going to expire soon. Can you please let me know if I can click on renew and update the expiry date? Please let me know the correct procedure to renew the device certificate. System ›› Certificate Management : Device Certificate Management : Device Certificate ›› server.crt
Solved, 691 Views, 0 likes, 6 Comments

Using the same 3rd party certificate for two devices in a device group?
I currently use self-signed certificates on my cluster of LTMs running 11.5.3. I would like to install 3rd party certificates. If I generate a certificate that has subject alternative names that include the individual hostnames for the two devices as well as the name of the floating IP, can I apply that certificate to both devices? Or will the device group sync have a problem with sharing a cluster with a device that has the same certificate? So if my two devices are "ltm-1.example.com" and "ltm-2.example.com" and the name of the floating IP is "ltm-active.example.com", I'd have a certificate for ltm-active.example.com with ltm-1.example.com and ltm-2.example.com as SANs and I would install the same cert/key pair on both devices. Thanks!
295 Views, 0 likes, 1 Comment

LTM Device Cert different to HTTPS cert
Device cert has been updated on the LTM (3rd-party signed). However the https cert is still showing the old one. Where is the LTM storing that old cert and why is it not updating it to the new one? I checked under /config/httpd/conf/ssl.crt and verified server.crt is the current cert. Neither cert is under the Trusted cert list.
Solved, 481 Views, 0 likes, 1 Comment

Checking SSL Certificates using iControl REST API
Hi guys, I'm looking for a way to check if the SSL certificate has expired using iControl REST API. I have already found a way to check all certificates that can be used in SSL Client/Server Profiles with Virtual Servers (the mgmt/tm/sys/file/ssl-cert endpoint), and these are all certificates that can be found in System >> File Management >> SSL Certificate List. I'm also very interested in checking the certificates that are used for config sync between the BIG-IP devices. This is the part where I'm having some issues. I have found the mgmt/tm/cm/cert endpoint that contains dtca.crt and dtci.crt. I'm wondering what these certificates are used for. Can somebody shed some light on it please? In the documentation I have also found mention of server.crt and client.crt that can be found in the /config/httpd/conf directory of the BIG-IP file system. But I haven't managed to find any iControl REST API endpoint that would return some information about these certificates, and I'm not sure what they are used for either.
505 Views, 0 likes, 1 Comment