Integrating BIG-IP DNS With BIG-IP LTM Using CA-Signed Certificate
The Initial State
LTM201 Initial State
- Device Certificate (System ›› Certificate Management : Device Certificate Management : Device Certificate)
  - Import new CA-signed device certificate
  - CN: ltm201.home.net (CA-Signed: TrustMe Intermediate CA L1M, TrustMe Root CA)
- Device Trust Certificates (System ›› Certificate Management : Device Certificate Management : Device Trust Certificates)
  - CN: ltm201.home.net
DNS205 Initial State
- Device Certificate (System ›› Certificate Management : Device Certificate Management : Device Certificate)
  - Import new CA-signed device certificate
  - CN: gtm205.home.net (CA-Signed: TrustMe Intermediate CA L1M, TrustMe Root CA)
- Device Trust Certificates (System ›› Certificate Management : Device Certificate Management : Device Trust Certificates)
  - CN: gtm205.home.net (CA-Signed)
- Trusted Server Certificates (DNS ›› GSLB : Servers : Trusted Server Certificates)
  - CN: gtm205.home.net (CA-Signed)
Adding BIG-IP LTM to a network with BIG-IP DNS (Figure 2)
- DNS205: Add GSLB Object
- DNS205: Run the bigip_add script to exchange SSL device certificates
Issue with using “bigip_add script” (Figure 3)
- Result of “bigip_add script”
  - LTM201
    - System ›› … Device Trust Certificates: LTM201, GTM205
  - GTM205
    - System ›› … Device Trust Certificates: GTM205
    - DNS ›› … Trusted Server Certificates: GTM205, LTM201
- Error log:
  - gtm205.home.net err gtmd[6477]: 011ae114:3: iqmgmt_ssl_connect: SSL error: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (336134278) from connection 100.0.0.11
- LTM201
- We need to import the Root CA certificate and the Sub CA certificate (if there is one)
  - LTM201
    - System ›› … Device Trust Certificates: TrustMe Intermediate CA L1M, TrustMe Root CA (Optional to have: LTM201, GTM205)
  - GTM205
    - System ›› … Device Trust Certificates: GTM205
    - DNS ›› … Trusted Server Certificates: TrustMe Intermediate CA L1M, TrustMe Root CA (Optional to have: GTM205, LTM201)
- LTM201
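
The "certificate verify failed" result and the fix above can be reproduced off-box with plain OpenSSL. This added example (not from the original page or from F5) builds a constructed root → intermediate → device chain and checks the device certificate against three trust-store layouts. It assumes the peer presents only its device certificate and that OpenSSL's default chain verification is a fair model of the check that failed; all names and file paths are made up.

```shell
#!/bin/sh
# Added example: constructed lab PKI (root CA -> intermediate CA -> device cert).
# All names and files are made up; nothing here is read from a BIG-IP.

new_req() {   # $1 = file prefix, $2 = subject CN
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

make_pki() {  # $1 = empty working directory
  d=$1
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > "$d/ca.ext"
  new_req "$d/root" "Example Root CA" &&
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
    -extfile "$d/ca.ext" -out "$d/root.crt" 2>/dev/null &&
  new_req "$d/int" "Example Intermediate CA" &&
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
    -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/int.crt" 2>/dev/null &&
  new_req "$d/dev" "ltm.example.test" &&
  openssl x509 -req -in "$d/dev.csr" -CA "$d/int.crt" -CAkey "$d/int.key" \
    -CAcreateserial -days 2 -out "$d/dev.crt" 2>/dev/null
}

# Succeeds only if the trust store ($1) on its own can anchor the cert ($2).
chain_ok() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Report which trust-store layouts verify the CA-signed device certificate.
demo() {
  d=$(mktemp -d) || return 1
  make_pki "$d" || { rm -rf "$d"; return 1; }
  cp "$d/dev.crt" "$d/leaf_only.pem"               # exchanged device cert only
  cp "$d/root.crt" "$d/root_only.pem"              # root CA, intermediate missing
  cat "$d/int.crt" "$d/root.crt" > "$d/full.pem"   # intermediate + root CA
  res=""
  for s in leaf_only root_only full; do
    if chain_ok "$d/$s.pem" "$d/dev.crt"; then r=ok; else r=FAIL; fi
    res="$res $s=$r"
  done
  rm -rf "$d"
  echo "${res# }"
}

demo
```

The same `openssl verify -CAfile` check can be run against an exported copy of a trust store and a device certificate before relying on the integration.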