What is the consideration about SSL when upgrading CSS software

Unanswered Question
Jun 19th, 2007

Hi everyone,

I plan to upgrade CSS software from 07.30.1.06 to 07.50.3.03. The SSL module is installed in this CSS and CSS uses certificate from CA for user authentication.

So I would like to know what the answer for the following two question are.

First question:

1: After upgrading software, do I need to re-issue the certificate from CA and then generate private key ?

and/or

2: Can I backup existing certificate and private key to re-use/import after upgrading software ? that means I do not need to re-issue the certificate from CA.

and/or

3: Is the certificate maintained on CSS disk even after upgrading software ? that means I do not need to re-issue the certificate from CA and also backup certificate.

Second question:

This CSS is configured to execute SSL keepalive to real servers. After upgrading software, Does CSS recognize that real servers are ALIVE automatically or do I need some manual operation to get CSS recognized real servers are ALIVE ?

Would you please let me know if you have any comment and any information.

Best regards,

Shinichi

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Gregory Scarlett Wed, 06/20/2007 - 04:11

1: After upgrading software, do I need to re-issue the certificate from CA and then generate private key ?

Answer: No, the key and certificate will remain on the CSS.

2: Can I backup existing certificate and private key to re-use/import after upgrading software ? that means I do not need to re-issue the certificate from CA.

Answer: If you want, you can export the Certificate and Key using the command "copy ssl export"

Second question:

This CSS is configured to execute SSL keepalive to real servers. After upgrading software, Does CSS recognize that real servers are ALIVE automatically or do I need some manual operation to get CSS recognized real servers are ALIVE ?

Answer: As part of the upgrade process, the CSS will reboot. Once it comes back up, keepalives will automatically begin again without any intervention.

Hope this helps.

Greg Scarlett

APAC TAC

Actions

This Discussion