Harry1
Jul 11, 2016

iQuery issue due to certificate exchange between GTM

Hi,

 

I am facing an issue in GTM. Servers at my backup-side data center GTM are showing down, with the same status at the primary data center GTM, while all GTM and LTM are up and telnet is also happening on port 4353. When I looked in the GTM logs, I found an error like "certificate exchange error". As per the F5 representative, all GTM and LTM devices have the same common name under the device self certificate, hence certificate exchange will be a challenge. However, this setup has been working for almost one year. But due to some network issue the backup data center went down and then the issue started.

 

If the issue is really due to the same common name, then I will have to renew the self-signed certificate on all the devices and exchange them with the bigip_add command, right? But approximately how much time will F5 take when renewing the certificate and then exchanging it from GTM to GTM?

 

I will appreciate a quick reply, as it is a bit urgent.

 

Regards Prak

 

3 Replies

  • As a general rule, I don't think your devices should have the same name. Of course they can share the same Domain certificate.

     

    First things to check, before deciding it is common name related: make sure NTP etc. is all OK, and simple things like sharing the same versions.

     

    Once that's done, you may want to run the gtm_add script (there's a solutions article on the topic) to add devices to the cluster with the most up-to-date configuration.

     

  • This is a good SOL13690 article. When you run the gtm_add command, it should synchronize within a minute or so. You may have to add the bigip_add or big3d_install command depending on your infrastructure situation. I would recommend reading the solution article as the 1st step to make sure your setup is good.