F5 BIGIP Device Certificate

Question

Hi,&nbsp;
I have two F5 BIGIP ver 11.4.0 (APM Module only) configured as High Availability using Device Service Clustering.  I have replaced the default device certificates from both devices using our own external CA server signed certs from GUI admin.&nbsp;
1) Uploaded the Device Certificates to both F5 using GUI. System &gt; Device Certificates &gt; Device Certificates.
2) Uploaded the other F5 Device Cert and ROOT CA as Trusdted Device Certs. System &gt; Device Certificates &gt; Trusted Device Certificates.&nbsp;
During testing, Configsync and HA Failover are working fine. However, after I enable the SSL debug logging level. I am seeing the certificate error such as below.&nbsp;
" Feb 6  debug tmm[10015]: 01260006:7: Peer cert verify error: certificate not trusted (depth 0; cert /CN=) "&nbsp;
I tried to search this type of error from internet and Dev Central but to no avail. I understand that it is something to do with CA trust setings. I would like to determine the exact cause of this error and how to get rid of it.&nbsp;
Based on this KB link http://support.f5.com/kb/en-us/solutions/public/8000/100/sol8187.html. Device certificate is used only by the Configuration utility for HTTPS communication as well as by the following device-to-device communication processes:
 •configsync
 •big3d
 •gtmd
 •iqdump&nbsp;
Thanks in advance for your help.&nbsp;

jkari_144214 · Answer

Hi, &nbsp;
I have same problem. I installed cert couple days ago and now I,m trying to get my first https service up but it fails. From SSL logging I found this message:&nbsp;
Peer cert verify error: certificate not trusted (depth 0; cert /CN=my backup f5)&nbsp;
I have tested service from servers and it's works, any help appreciated.&nbsp;

jkari_144214 · Answer

Hi,&nbsp;
well I managed to get my https working, it was only configuration problem. Nothing to do with these notification. But let's get back to the point, Peer cert verify error: certificate not trusted (depth 0; cert /CN=my backup f5) where that comes from?&nbsp;

niilas_138664 · Answer

Hi, 
Any updates on this? 
I am running into the same issue "Peer cert verify error" on all LTMs deployed in sync-failover cluster. These are all VEs.
The issue seems to come and go and this makes the virtual servers "flap" so they might time-out or work depending on the moment. Resetting device trust and rebuilding the sync fixes the issue for a while, but it always comes back. 
I currently have a ticket open for this also.&nbsp;

mike_126673 · Answer

Niilas, did you get a resolution on your ticket? I'm seeing the same messages with SSL debug on. I'm also using virtuals with sync-failover configured.

Forum Discussion

F5 BIGIP Device Certificate

4 Replies

Recent Discussions

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

F5 loadbalancer not working

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

Related Content

Re: BigIP Report

TLSv1.0 and TLSv1.1 disable in Device Certificate

Device certificate Issuer and other information not updating on the browser's certificate details

Re: Management Certificate

Device Management