08-29-2008 03:17 AM
Hi All,
I have 2 css11503's in one armed active/passive mode. I have applied ssl certs on both boxes, one of them gives me the message that key and file are not valid (works fine on primary), I've done a show ssl file and the cert in question is there, when i do a delete ssl file 'xx' it reports the file does not exist so i try to re-import and this fails because 'file already exists'!! Reboot hasn't helped. I have deleted/reimported the rsa key, has anyone else seen this? I am running version 08.10.1.06, should I upgrade to a better version?
09-01-2008 03:37 AM
it won't be a bad idea to do an upgrade to 8.1(401) has there were many improvements in that area.
In the meantime, you can try to erase the crypto files with the command :
llama
ssl clearfiles
Gilles.
09-01-2008 03:47 AM
Thanks Giles,
I opened a TAC case and finally got it resolved, I had to import a different file, copy that to the corrupt one (in llama)::
ap_file copy c:/CertStore/ssl/good.pem c:/CertStore/ssl/bad.pem
backout of llama and I could then delete the file using the 'clear ssl file xx.pem' command. The following command::
CSS11501(debug)# ap_file delete c:/CertStore/ssl/
didn't work, as it said you cannot delete Certfiles, I was trying to avoid the ssl clearfiles command (TAC's 3rd option) as there are quite a few on there and I didn't want to reconfigure the whole lot!
Finally have the app session reporting UP and no warnings about ssl configs not the same!
Toby
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: