Manual Chapter : Replace the default SSL certificate on a BIG-IQ system
Applies To:Show Versions
BIG-IQ Centralized Management
Replace the default SSL certificate on a BIG-IQ system
To perform the procedures discussed in this task, you must have Advanced Shell (bash) access to the BIG-IQ system with administrator credentials.
The BIG-IQ, data collection devices (DCDs), and BIG-IP devices all use SSL encryption to secure incoming communication. By default, F5 devices use a default, self signed certificate to authenticate themselves. When you use these default certificates and a component attempts to connect to the BIG-IQ, your browser may refuse to connect or trigger a warning against a potentially insecure connection.
Users who are managing devices running Web Application Security, and require added security (encrypted) to the connection between BIG-IP and Central Policy Builder (
Secure Policy Builderenabled), must replace the default SSL certificate with a certificate issued by a trusted CA (Certificate Authority). If the SSL certificate is not replaced, the system will be unable to provide policy suggestions once Secure Policy Builder is enabled.
Users who do not enable a secure connection do not need to perform the certificate replacement task.
To replace the default SSL certificate, review the following article: K52425065 on