bigip_add command behaviour on BIGIP DNS

Question

Hi&nbsp;Recently , i worked on alternate approach for bigip_add command which was to manually export and import each other'scertificate. In one case I had to export/import root and intermediate certificates as well( where devicecertificate is not self signed). I never had to restart any process in BIG IP DNS which is against the f5document recommendation.&nbsp;I need to understand the whole phenomenon behind bigip_add .Why it gives SSL errors ? In what caseswe have to export/import intermediate and root device certificates. Whether bigip_add is self sufficientto bring in end ,intermediate and root device certificate or some process would be manual ? Alsosome more info about device certificates,please.&nbsp;ThanksMayank

ashfaq1 · Answer

Hi,Not sure if I can answer your question completely but below is my experience. I have used bigip_add to re-add BIG IP devices when we renewed our devices certificate. You can use the following commands to check the status of devices trust. iqdump &lt;ip of big ip device&gt;For GTM, you can use tmsh show gtm iquery and make sure the trust is available between the devices on respective self -ips. This sure will help resolve the trust issues you will find with neighbor devices.

Forum Discussion

bigip_add command behaviour on BIGIP DNS

1 Reply

Recent Discussions

Disk space full - what files, folders are safe to delete?

ASM instance creation

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

Related Content

Power of tmsh commands using Ansible

Ansible - Running bash commands with bigip_command module - How it's done

F5 Partner Solution Showcase - "BlockAPT Platform - Command for Unified Visibility"

Knowledge sharing: Velos and rSeries (F5OS) basic troubleshooting, logs and commands

DNS Resolution with the RESOLVER::name_lookup Command