Wide IP’s are down due to Device Certificate expiration on F5 Link Controller:

Issue:

Wideip’s will go down due to F5 device internal device certificate expiration.

Alerts:

DeviceA alert gtmd[13073]: 011ae0f3:1: SNMP_TRAP: big3d SSL cert EXPIRED at IP 10.1.1.1
Device A err gtmd[13073]: 011ae0fa:3: iqmgmt_ssl_connect: SSL error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (336134278)
Device A alert gtmd[13073]: 011ae0f3:1: SNMP_TRAP: big3d SSL cert EXPIRED at IP 192.168.1.1

Cause:

Internal F5 device certificates are expired

Solution:

A.

1. Login to the standby F5 device
2. Go to System  ››  Device Certificates : Device Certificate
3. Click on Renew
4. Update valid for 3650 days (according to your requirement)
5. Click Finished

Perform steps from 1 to 5 on active device.

B. Now login into the active device through CLI and perform the below steps.

bigip_add < peer IP>

bigip_add script uses the SSH protocol to exchange iQuery SSL certificates with the remote BIG-IP system

The bigip_add script appends the local BIG-IP DNS system’s SSL certificate to the remote BIG-IP system’s list of authorized certificates.

C.

Now login into the sandby device through CLI and perform the below steps.

bigip_add < peer IP>

Once internal device certificates are exchanged, wideip’s will come to available status.