Creating a new device certificate - signed by internal CA

Question

I am using version 11.5.3. I have a requirement to update the device certificate with an internal CA signed certificate. We have a self signed cert that wont expire until 2025. 
I am planning on doing the following procedure&nbsp;
Device certificate -&gt; Renew -&gt; finish - **Will this replace the existing cert already ?I am assuming it won't. So I will export the cert. This will generate a CSR. Once I get a signed cert, I will import it. How do I replace the self signed with this CA signed?
Please correct me if I am wrong.Thanks!&nbsp;

amintej · Answer

Hello,
I modified a little bit your procedure:

System &gt; Device certificate &gt; Renew -&gt; Please, be sure to select "Issuer: Certificate Authority". This action will generate CSR, copy csr text at the end of the wizard and send to your CA(issuer). Note CSR files have headers:
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----

Yes, you are right no action at this point.

Once you receive the certiticate, import the CA file
`System  ››  Device Certificates : Trusted Device Certificates

Finally, import F5's certificate signed by your CA:
`System  ››  Device Certificates : Device Certificate

and this will replace the certificate immediately if the verification is OK in F5.

Forum Discussion

Creating a new device certificate - signed by internal CA

1 Reply

Recent Discussions

Pricing when used with aws waf

F5 Rseries R2600 Tenant sizing

iRule help masking IBM host URL/URI

Need advise to setup a policy on F5

Advise on setting up IRULE

Related Content

Building an OpenSSL Certificate Authority - Creating Your Root Certificate

Building an OpenSSL Certificate Authority - Creating ECC Certificates

Building an OpenSSL Certificate Authority - Creating Your Intermediary Certificate

Create isolated environment for internal and external networks

Creating, Importing and Assigning a CA Certificate Bundle