×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Changing certificates with active ssl-proxy-list

Unanswered Question
Feb 10th, 2004
User Badges:

Hallo,


we have a customer who owns round about 6000 Domains.

For more than a few domains there are ssl certificates which change from time to time...

Is there a possibility to change a certificate, add or remove it whithout suspending the proxy-list?


I think, this feature is a very basic part, because all ssl domains are not responding if the list or the service related to this list is suspended.


Do you know, if this problem is known and will be fixed in later releases?


thanks in advance,


rené


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
stevehall Wed, 02/11/2004 - 09:43
User Badges:

René,


As you have found out, "the only way to upgrade a cert/key pair on the CSS is to suspend the

proxy list then make the change.


However, with redundant CSS, the best way is to make cert/key changes on the backup CSS, then the other CSS. This will not disrupt service."


I have searched the archives of requests to the development team and that answer seems to be consistent. (I did not just make up the answer, it is basically a cut-and-paste of previous answers from development)


I am not aware of any effort to change this, as it is a fundamental requirement of how it was designed.



Hope that helps...


-Steve


Actions

This Discussion