Forum Discussion

Caio_178191's avatar
Caio_178191
Icon for Nimbostratus rankNimbostratus
Apr 17, 2015

bigip_add

Hi good morning.

 

Would like to ask you guys something about bigip_add command.

 

We know that bigip_add is a command that was made to give "confidence" between boxes. Being more technical, it will transfer certificate from the box that you are putting the ip address when you type bigip_add in linux to the box that you are typing the command.

 

And my question is:

 

Why you need to type bigip_add for the own box when you are going to, for example, add a Server in GTM feature? I mean, if the LTM is in the same box, why I need to type bigip_add? If I not type this command, GTM will not show me the VSs that are in LTM feature. But they are in the same box!! LTM and GTM are in the same box!!!! Why I need to give "confidence" to the own box for features that are in the same place?

 

Thanks.

 

1 Reply

  • Hi,

     

    I guess because this is generic approach that was designed rather for handling trust between separate boxes than when running both modules on one box. I can't recall it right now (was doing lab config some time ago) but LTM is storing certificates for device authentication in System ›› Device Certificates : Device Certificate ›› Device Certificate and GTM in DNS ›› GSLB : Servers : Trusted Server Certificates. This second location is not by default populated with certificate from the first (I am pretty sure but not 100%) so bigip_add is used to transfer it even if this is one device. Anyway I did this certificate exchange manually by exporting and importing certificates - it's another way to do that without bigip_add - but probably more cumbersome :-)

     

    That is more or less the reason as far as I understand it.

     

    Piotr