Replaced SSL Certs do not take effect - ACE

Unanswered Question
Jan 24th, 2009
User Badges:


I have replaced the SSL certs with the other ones on ACE module. Still the old Cert pops up while accessing the webpage via SSL proxy on ACE.

I removed ssl-proxy from policy-maps. Did 'no key', 'no cert' and then added key, cert to the ssl-proxy service and put back ssl-proxy onto the policy-map.

Is something else required to ensure the change of SSL certs.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Gilles Dufour Sun, 01/25/2009 - 08:14
User Badges:
  • Cisco Employee,

Remove the service-policy from all interfaces and re-configure it.


cisco_lite Sun, 01/25/2009 - 08:54
User Badges:

Yes, it worked. But this option has an impact in Production. The live traffic would be affected I believe due to removing of the service policy. Any alternative ?

The 'Application Networking' forum on NetPro has slowed down quite a lot. Not many posts/exchanges are seen anymore...

Gilles Dufour Mon, 01/26/2009 - 00:38
User Badges:
  • Cisco Employee,

Do you run version A2(1.3) ?

I thought this issue to remove the policy-map was fixed in that release.


cisco_lite Mon, 01/26/2009 - 09:02
User Badges:

I am running the following version


loader: Version 12.2[121]

system: Version 3.0(0)A1(6.3a) [build 3.0(0)A1(6.3a) adbuild_02:16:25-2008

Roble Mumin Mon, 01/26/2009 - 23:48
User Badges:
  • Bronze, 100 points or more

Are the cert filenames for your old and and the new one identical? If yes, try to upload the file with different name and then change it in the config. I remember a thread where that was the issue. Usually you can easily switch the certs in you production environment.

old cert: foo-bar.cert

new cert: foo-bar09.cert

That might solve your problem. You also have to change the reference to the your cert and/or the key if that should have changed as well in the ssl-proxy part of the config.


Gilles Dufour Tue, 01/27/2009 - 04:02
User Badges:
  • Cisco Employee,

Ok, this confirms my suspicion.

This issue was fixed in A2(1.x)

You should upgrade if you do not want to have to remove the policy each time you update the certificate.


This Discussion