Forum Discussion

SriniV_232089
Jan 25, 2017

New Certification for management GUIs for LTMs and GTMs

We are in the process of upgrading certification for hostnames for LTMs and GTMs, which is used to access the MGMT GUI. Except the GTM, all the LTMs use localhost.localdomain certs, and these would be replaced with proper hostname certs from our company certificate authority.

In the LTM, if I look at the "Trusted Device Certificates" under "System" - "Device Certificates", we have the GTM's MGMT GUI certs on every LTM.

My question is, when I update the MGMT GUI cert for the GTM, will it break connections between the GTM and LTMs? Also, I need to know the process to do it without impact.

1 Reply

  • Kevin_K_51432
    Historic F5 Account

    Greetings. The device certificates are used to authenticate remote BIG-IP systems. From the F5 manual on this topic:

    
    BIG-IP devices use SSL certificates for authentication and communication among BIG-IP devices on the network. For this authentication and communication between BIG-IP devices to function properly, you should be aware of the following:
    
    For BIG-IP DNS deployments and AAM symmetric deployments, if you update or renew device certificates after they have expired, you must ensure that you copy the new certificates to the remote BIG-IP devices. BIG-IP devices exchange device certificates when running these scripts:
    
    bigip_add (BIG-IP DNS and AAM)
    big3d_install (BIG-IP DNS only)
    
    https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-system-ssl-administration-12-1-1/2.html
    
    

    I'd give these articles a review for a more in-depth understanding:

    K15664: Overview of BIG-IP device certificates (11.x - 12.x)
    
      https://support.f5.com/csp/article/K15664
    
    
    K9114: Creating a new SSL device certificate and key pair  
    
      https://support.f5.com/csp/article/K9114 
      
    

    Kevin
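
A pre-change check for the situation discussed in this thread, as an added example that is not from either poster or from F5: it compares SHA-256 fingerprints to report which peers already hold the new GTM device certificate in their trusted-certificate bundle and which still hold only the old one. It assumes each bundle has been exported as PEM text; the peer names are hypothetical and the sample "certificates" are constructed placeholder bytes.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def fingerprints(pem_text):
    """Return the SHA-256 fingerprint (hex) of every certificate in a PEM bundle."""
    return {
        hashlib.sha256(base64.b64decode("".join(body.split()))).hexdigest()
        for body in PEM_RE.findall(pem_text)
    }


def trust_report(old_pem, new_pem, bundles):
    """Classify each peer's trusted-certificate bundle ahead of a cert swap.
    ready:   the bundle already holds the new certificate
    stale:   it holds only the old one; the new one still has to be copied over
    missing: it holds neither certificate
    """
    (old_fp,) = fingerprints(old_pem)  # exactly one certificate expected
    (new_fp,) = fingerprints(new_pem)
    report = {}
    for peer, bundle_pem in bundles.items():
        have = fingerprints(bundle_pem)
        report[peer] = ("ready" if new_fp in have
                        else "stale" if old_fp in have else "missing")
    return report


def _pem(der):
    """Wrap raw bytes in PEM armor (used only to build the sample data)."""
    b64 = base64.encodebytes(der).decode()
    return "-----BEGIN CERTIFICATE-----\n" + b64 + "-----END CERTIFICATE-----\n"


# Constructed stand-ins: placeholder bytes, not real X.509 certificates.
OLD_GTM = _pem(b"constructed-old-gtm-device-cert")
NEW_GTM = _pem(b"constructed-new-gtm-device-cert")
OTHER = _pem(b"constructed-unrelated-cert")
BUNDLES = {  # hypothetical peer names mapped to their exported trust bundles
    "ltm-a": OLD_GTM + NEW_GTM,  # new certificate already copied over
    "ltm-b": OTHER + OLD_GTM,    # still trusts only the old certificate
    "ltm-c": OTHER,              # GTM certificate never exchanged
}
print(trust_report(OLD_GTM, NEW_GTM, BUNDLES))
```

Any peer reported as `stale` or `missing` is one where the new certificate has not yet been exchanged.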