Skip to main content

F5003 - F5 BIG-IP TLS/SSL Certificate Error

Agent error code #F5003 indicates that the TLS handshake with the F5 BIG-IP management endpoint failed. The agent reached the device but could not verify its certificate.

Common causes include:

  • The BIG-IP presents its default self-signed management certificate, which is not signed by a trusted CA
  • The certificate is expired, or its subject/SAN does not match the hostname in the Knocknoc backend URL
  • The agent host does not trust the CA that signed the management certificate

Steps to Resolve

Use a Trusted Management Certificate (recommended)

  1. Install a management certificate on the BIG-IP signed by a CA the agent host trusts
  2. Ensure the certificate's subject or SAN matches the hostname used in the Knocknoc backend URL

Or Allow the Self-Signed Certificate

  1. In the Knocknoc backend configuration for the F5 Knoc, enable the Insecure option to skip certificate verification
  2. Save and retry. Only do this on a trusted management network

Still Having Issues?

We can help you out, contact us at [email protected].