01-24-2009 04:29 AM
Hi,
I have replaced the SSL certs with the other ones on ACE module. Still the old Cert pops up while accessing the webpage via SSL proxy on ACE.
I removed ssl-proxy from policy-maps. Did 'no key', 'no cert' and then added key, cert to the ssl-proxy service and put back ssl-proxy onto the policy-map.
Is something else required to ensure the change of SSL certs.
01-25-2009 08:14 AM
Remove the service-policy from all interfaces and re-configure it.
Gilles.
01-25-2009 08:54 AM
Yes, it worked. But this option has an impact in Production. The live traffic would be affected I believe due to removing of the service policy. Any alternative ?
The 'Application Networking' forum on NetPro has slowed down quite a lot. Not many posts/exchanges are seen anymore...
01-26-2009 12:38 AM
Do you run version A2(1.3) ?
I thought this issue to remove the policy-map was fixed in that release.
G.
01-26-2009 09:02 AM
I am running the following version
Software
loader: Version 12.2[121]
system: Version 3.0(0)A1(6.3a) [build 3.0(0)A1(6.3a) adbuild_02:16:25-2008
01-26-2009 11:48 PM
Are the cert filenames for your old and and the new one identical? If yes, try to upload the file with different name and then change it in the config. I remember a thread where that was the issue. Usually you can easily switch the certs in you production environment.
old cert: foo-bar.cert
new cert: foo-bar09.cert
That might solve your problem. You also have to change the reference to the your cert and/or the key if that should have changed as well in the ssl-proxy part of the config.
Roble
01-27-2009 04:02 AM
Ok, this confirms my suspicion.
This issue was fixed in A2(1.x)
You should upgrade if you do not want to have to remove the policy each time you update the certificate.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide