Before BIG-IP® systems can exchange data with one another, they need to exchange device certificates, that is, digital certificates and keys used for secure communication. For example, multiple BIG-IP systems might need to verify credentials before communicating with each other to collect performance data over a wide area network, for global traffic management.
A default device certificate and key are located in these directories on the BIG-IP system:
BIG-IP® devices use SSL certificates for authentication and communication among BIG-IP devices on the network. For this authentication and communication between BIG-IP devices to function properly, you should be aware of the following:
bigip_add (BIG-IP DNS and AAM)
big3d_install (BIG-IP DNS only)
The BIG-IP® system uses a trusted device certificate or a certificate chain to authenticate another system. For example, a BIG-IP system running BIG-IP® DNS might send a request to a Local Traffic Manager™ system. In this case, the Local Traffic Manager system receiving the request checks its trusted device certificate or certificate chain to authenticate the request.
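The trust decision described above can be modeled with the openssl command line. This is an added example, not taken from the BIG-IP documentation or tooling: the host names, file names and helper functions are constructed for illustration, and the trust file stands in for the receiving system's trusted device certificates.

```shell
#!/bin/sh
# Added illustration: all names and files here are constructed, not BIG-IP paths.

# make_device_cert NAME DIR: create a self-signed certificate and key for NAME.
make_device_cert() {
    openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
        -subj "/CN=$1" -days 30 \
        -keyout "$2/$1.key" -out "$2/$1.crt" >/dev/null 2>&1
}

# is_trusted TRUST_FILE PEER_CERT: succeed only if PEER_CERT verifies against
# the certificates in TRUST_FILE. A self-signed device certificate passes only
# when that same certificate has been placed in the trust file.
is_trusted() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# check_peers: the receiving system trusts one requester and has never
# exchanged certificates with the other; print the decision for each.
check_peers() {
    dir=$(mktemp -d) || return 1
    make_device_cert dns.example.test "$dir"
    make_device_cert unknown.example.test "$dir"

    # Certificate exchange: only the DNS system's certificate is imported
    # into the receiver's trusted set.
    cat "$dir/dns.example.test.crt" > "$dir/trusted.crt"

    for peer in dns.example.test unknown.example.test; do
        if is_trusted "$dir/trusted.crt" "$dir/$peer.crt"; then
            echo "$peer=trusted"
        else
            echo "$peer=rejected"
        fi
    done
    rm -rf "$dir"
}

check_peers
```

The second certificate is well formed and unexpired, yet it is rejected because it was never exchanged, which is why systems must exchange device certificates before they can communicate.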
There are several tasks you can perform to manage device certificates on the BIG-IP® system.