Replaced SSL Certs do not take effect - ACE

Jan 24th, 2009

Hi,

I have replaced the SSL certs with the other ones on ACE module. Still the old Cert pops up while accessing the webpage via SSL proxy on ACE.

I removed ssl-proxy from policy-maps. Did 'no key', 'no cert' and then added key, cert to the ssl-proxy service and put back ssl-proxy onto the policy-map.

Is something else required to ensure the change of SSL certs?

cisco_lite Sun, 01/25/2009 - 08:54

Yes, it worked. But this option has an impact in Production. The live traffic would be affected, I believe, due to the removal of the service policy. Any alternative?

The 'Application Networking' forum on NetPro has slowed down quite a lot. Not many posts/exchanges are seen anymore...

Gilles Dufour Mon, 01/26/2009 - 00:38

Do you run version A2(1.3)?

I thought this issue to remove the policy-map was fixed in that release.

G.

cisco_lite Mon, 01/26/2009 - 09:02

I am running the following version

Software

loader: Version 12.2[121]

system: Version 3.0(0)A1(6.3a) [build 3.0(0)A1(6.3a) adbuild_02:16:25-2008

Roble Mumin Mon, 01/26/2009 - 23:48

Are the cert filenames for your old and the new one identical? If yes, try to upload the file with a different name and then change it in the config. I remember a thread where that was the issue. Usually you can easily switch the certs in your production environment.

old cert: foo-bar.cert

new cert: foo-bar09.cert

That might solve your problem. You also have to change the reference to your cert and/or the key, if that should have changed as well, in the ssl-proxy part of the config.

Roble

Gilles Dufour Tue, 01/27/2009 - 04:02

Ok, this confirms my suspicion.

This issue was fixed in A2(1.x)

You should upgrade if you do not want to have to remove the policy each time you update the certificate.
