> 1) How should I get the new certificate to renew this certificate?
You need to generate a CSR and request the new certificate from the internal Certificate Authority.
Just to be clear, every BIG-IP needs to have a unique Device Certificate.
> 2) Steps to renew cert. Note: This is not a self-signed certificate.
Obtaining the new certificate will depend on the internal Certificate Authority process.
Installing the new Device Certificate and updating the peer devices with the new certificate is detailed in K7717: BIG-IP DNS and Link Controller support for third-party SSL certificates.
> 3) Impact of not renewing certificate
K15664: Overview of BIG-IP device certificates (11.x - 15.x)
-----
The BIG-IP system uses SSL certificates to secure connections when using the Configuration utility to perform administrative tasks and to secure inter-device communication between BIG-IP systems such as BIG-IP LTM device groups and BIG-IP DNS synchronization groups. For successful authentication and secure communication, you should be aware of the following factors:
- Device certificates must be valid and must not be expired.
- Device certificates must be maintained and renewed on each BIG-IP system.
- Redundant BIG-IP systems must exchange renewed certificates.
- SSL certificates signed by a third-party CA must include both the client authentication (clientAuth) and server authentication (serverAuth) extended key usage (EKU) extensions to allow use by both server and client applications. For more information, refer to K7717: BIG-IP DNS and Link Controller support for third-party SSL certificates.
BIG-IP systems use device certificates for a variety of tasks. The following sections list F5 device certificate types and their locations.
-----
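
The requirements quoted above (unexpired certificate, both clientAuth and serverAuth EKUs on a CA-signed device certificate) can be checked with OpenSSL before anything is installed. This is an added example, not part of the original reply or of F5's documentation; the hostname, file names and RSA key size are assumptions. Because the CA decides which extensions end up in the issued certificate, the check is run on the returned certificate as well as on the CSR.

```shell
#!/bin/sh
# Added example: request both EKUs in the CSR, then verify the CSR and the
# issued certificate. File names and key size are placeholders (assumptions).

# make_csr <fqdn> <outdir>: new RSA key plus a CSR that requests both EKUs.
make_csr() {
  fqdn=$1; dir=$2
  cat > "$dir/req.cnf" <<EOF
[req]
distinguished_name = dn
req_extensions = v3_req
prompt = no
[dn]
CN = $fqdn
[v3_req]
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = DNS:$fqdn
EOF
  openssl req -new -newkey rsa:2048 -nodes -config "$dir/req.cnf" \
    -keyout "$dir/device.key" -out "$dir/device.csr" 2>/dev/null
}

# has_both_ekus <file> <req|x509>: 0 if both EKUs are present, 1 if one is
# missing, 2 if the file cannot be parsed.
has_both_ekus() {
  text=$(openssl "$2" -in "$1" -noout -text 2>/dev/null) || return 2
  case "$text" in *"TLS Web Server Authentication"*) ;; *) return 1 ;; esac
  case "$text" in *"TLS Web Client Authentication"*) ;; *) return 1 ;; esac
}

# cert_ok <cert.pem> <days>: both EKUs present and the certificate does not
# expire within <days> days (openssl -checkend takes seconds).
cert_ok() {
  has_both_ekus "$1" x509 || return 1
  openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}
```

Run `has_both_ekus device.csr req` before submitting the request, and `cert_ok issued.pem 30` on the certificate the CA returns, on each BIG-IP in the group.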