Issue:
Wide IPs go down when the F5 device's internal device certificate expires.
Alerts:
DeviceA alert gtmd[13073]: 011ae0f3:1: SNMP_TRAP: big3d SSL cert EXPIRED at IP 10.1.1.1
Device A err gtmd[13073]: 011ae0fa:3: iqmgmt_ssl_connect: SSL error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (336134278)
Device A alert gtmd[13073]: 011ae0f3:1: SNMP_TRAP: big3d SSL cert EXPIRED at IP 192.168.1.1
Cause:
The internal F5 device certificates have expired.
Solution:
A.
1. Log in to the standby F5 device
2. Go to System ›› Device Certificates : Device Certificate
3. Click Renew
4. Set the validity to 3650 days (according to your requirement)
5. Click Finished
Repeat steps 1 to 5 on the active device.
B. Now log in to the active device through the CLI and run the following command.
bigip_add <peer IP>
The bigip_add script uses the SSH protocol to exchange iQuery SSL certificates with the remote BIG-IP system.
It appends the local BIG-IP DNS system's SSL certificate to the remote BIG-IP system's list of authorized certificates.
C.
Now log in to the standby device through the CLI and run the following command.
bigip_add <peer IP>
Once the internal device certificates are exchanged, the wide IPs return to available status.
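
To confirm which peers are affected before and after the fix, the alert lines shown above can be summarised from log text. This is an added example, not part of the original note or of F5's tooling: it reads gtmd log text on stdin, lists each peer IP reported with an expired big3d certificate, and counts iqmgmt_ssl_connect verification failures. The function names and the sample log (the alerts quoted above, one repeated, plus one constructed filler line) are assumptions.

```bash
#!/bin/bash
# Added example: summarise gtmd iQuery certificate alerts read from stdin.
# The message formats matched here are the ones quoted in the Alerts section.

# Constructed sample input: the page's alert lines, one repeated, plus a filler line.
SAMPLE_LOG='DeviceA alert gtmd[13073]: 011ae0f3:1: SNMP_TRAP: big3d SSL cert EXPIRED at IP 10.1.1.1
Device A err gtmd[13073]: 011ae0fa:3: iqmgmt_ssl_connect: SSL error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (336134278)
Device A alert gtmd[13073]: 011ae0f3:1: SNMP_TRAP: big3d SSL cert EXPIRED at IP 192.168.1.1
DeviceA alert gtmd[13073]: 011ae0f3:1: SNMP_TRAP: big3d SSL cert EXPIRED at IP 10.1.1.1
DeviceA notice example[1]: constructed filler line, not a real message'

# Print each peer IP reported with an expired big3d certificate, de-duplicated.
expired_peers() {
    sed -n 's/.*gtmd\[[0-9]*]: .*SNMP_TRAP: big3d SSL cert EXPIRED at IP \([0-9A-Fa-f.:]*\).*/\1/p' | sort -u
}

# Count iQuery TLS connections rejected because certificate verification failed.
verify_failures() {
    grep -c 'iqmgmt_ssl_connect: SSL error: .*certificate verify failed' || true
}

# Print a summary; return 1 when any certificate alert is present, 0 otherwise.
cert_alert_summary() {
    local log peers fails ip
    log=$(cat)
    peers=$(printf '%s\n' "$log" | expired_peers)
    fails=$(printf '%s\n' "$log" | verify_failures)
    if [ -z "$peers" ] && [ "$fails" -eq 0 ]; then
        echo "no iQuery certificate alerts"
        return 0
    fi
    echo "iqmgmt_ssl_connect verify failures: $fails"
    for ip in $peers; do
        echo "expired big3d cert reported at peer: $ip"
    done
    return 1
}

# Demo run on the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | cert_alert_summary || echo "renew the device certificate and rerun bigip_add"
```

Feed it the device's own log text in place of the sample; a zero exit status after the renewal and certificate exchange means no matching alerts remain in the input.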