Device certificate replace in HA Sync group 13.x

Question

Team&nbsp;
i need to replace self signed device certificate with CA signed certificate. But the devices are in HA group and running 13.1 version .  If i renew the certificate will it break HA ?  if yes how to replace the device certificate in HA sync group.&nbsp;

joshbecigneul · Answer

Hello,&nbsp;
The device certificate is independent of the trust certificates used for the DSC configuration. You should be fine to replace it at any time.&nbsp;
One scenario that you need to be concerned about the device certificate is if you're using BIG-IP DNS (GTM), which uses that certificate as part of the trust for the iQuery protocol. If you switch to a CA signed cert then you should install the CA cert in the BIG-IP DNS Trusted Server Certificates list.&nbsp;

Forum Discussion

Device certificate replace in HA Sync group 13.x

1 Reply

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

TLSv1.0 and TLSv1.1 disable in Device Certificate

Device certificate Issuer and other information not updating on the browser's certificate details

Re: Management Certificate

Device Management

My Security+ Certification Journey