replacing SSL keys and certificates for already defined services

Unanswered Question

I have about 10 new 2048-bit keys and certs to replace existing 1024 bit keys and certs on my CSS11500 with SSL modules.

I'm trying to figure out my options, now that I've got the files SFTP'ed to the CSS.

I can create a new startup-config file for the CSS with the new files referenced by the SSL associate commands in the startup-config. This will require a reboot (not desired).

I can come up with new associations for the new files, then suspend the ssl-proxy-list and edit it to use the new associations. This doesn't require a reboot but then I have to clear out the old associations before I can delete the old key/cert files.

Is there any way to force the CSS to "overwrite" an existing SSL association without rebooting the CSS?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion