Bug ID 974593: Rotate postgresql SSL certificate when or before it expires

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IQ Platform(all modules)

Known Affected Versions:
7.1.0, 7.1.0.1, 7.1.0.2, 7.1.0.3, 7.1.6, 7.1.6.1, 7.1.7, 7.1.7.1, 7.1.7.2, 7.1.8, 7.1.8.1, 7.1.8.2, 7.1.8.3, 7.1.8.4, 7.1.8.5, 7.1.9, 7.1.9.7, 7.1.9.8, 7.1.9.9

Opened: Dec 16, 2020

Severity: 3-Major

Symptoms

BIG-IQ creates an alert on the Monitoring > Alerts screen with an SSL certificate expires.

Impact

High

Conditions

Always

Workaround

If BIG-IQ isn't in a high availability configuration, regenerate a new certificate by typing the following command: run ha_generate_certs -f <discovery_ip>. If BIG-IQ is currently in high availability configuration, create a certificate and install it on its peer by running the following script on the BIG-IQ on which the certificate is expired/expiring: ha_rotate_certs -i <discovery_ip> -p <peer_discovery_ip>

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips