The BIG-IQ, data collection devices (DCDs), and BIG-IP devices all use SSL encryption to secure incoming communication. By default, F5 devices use a default, self signed certificate to authenticate themselves. When you use these default certificates and a component attempts to connect to the BIG-IQ, your browser may refuse to connect or trigger a warning against a potentially insecure connection.
Users who are managing devices running Web Application Security, and require added security (encrypted) to the connection between BIG-IP and Central Policy Builder (
Secure Policy Builder
enabled), must replace the default SSL certificate with a certificate issued by a trusted CA (Certificate Authority). If the SSL certificate is not replaced, the system will be unable to provide policy suggestions once Secure Policy Builder is enabled.
Users who do not enable a secure connection do not need to perform the certificate replacement task.
To replace the default SSL certificate, review the following article: K52425065