Using the same 3rd party certificate for two devices in a device group?
I currently use self-signed certificates on my cluster of LTMs running 11.5.3. I would like to install 3rd party certificates. If I generate a certificate that has subject alternative names that include the individual hostnames for the two devices as well as the name of the floating IP, can I apply that certificate to both devices? Or will the device group sync have a problem with sharing a cluster with a device that has the same certificate? So if my two devices are "ltm-1.example.com" and "ltm-2.example.com" and the name of the floating IP is "ltm-active.example.com", I'd have a certificate for ltm-active.example.com with ltm-1.example.com and ltm-2.example.com as SANs and I would install the same cert/key pair on both devices. Thanks!
Checking SSL Certificates using iControl REST API
Hi guys, I'm looking for a way to check if the SSL certificate has expired using iControl REST API. I have already found a way to check all certificates that can be used in SSL Client/Server Profiles with Virtual Servers mgmt/tm/sys/file/ssl-cert endpoint and these are all certificates that can be found in System >> File Management >> SSL Certificate List. I'm also very interested in checking the certificates that are using for config sync between the BIG-IP devices. This is the part where I'm having some issues. I have found the mgmt/tm/cm/cert endpoint that contains dtca.crt and dtci.crt. I'm wondering what these certificates are used for. Can somebody shed some light on it please? In the documentation I have also found mention of server.crt and client.crt that can be found in the /config/httpd/conf directory of the BIG-IP file system. But I haven't managed to find any iControl REST API endpoint that would return some information about these certificates, and I'm not sure what they are used for either.
