ACE SSL - Modifying certs and keys

lou_young
Level 1

I'm having a problem updating the certs and keys I have in my ssl-proxy service.

My cert is about to expire and I've purchased a new cert. I've uploaded the new cert and key, but I still see the old cert when I go to the VIP with my browser. I thought that by deleting the proxy-service and re-adding it I could get the ACE to recognize that it's got new certs, but that didn't seem to work.

Is there a trick to make the ACE see the new certs? Does it cache the certs instead of reading them from flash? What's going on here?

Thanks!

Accepted Solutions

Roble Mumin
Level 3

I changed my certs hot while the application was still running, and it worked like a charm.

What I did was:

- import the new certificate into the crypto store (pkcs12)

- prepare a text file with the necessary commands

    no key old
    key new
    no cert old
    cert new

- paste the commands into the running config.

I had several customers and application admins test the app while I was changing certs. They didn't even notice something happened. After approx. 60 seconds all new connections were using the new cert; old connections were using the old cert. No trouble at all.

And yes, the ACE caches the certs, if I am not mistaken.

If you want to make sure that it works, just create a test context or try it on a test farm first. That's what I did prior to changing the certs and the config on the production environment.

Hope it helps.

Roble

Thanks.

I'm using the same filenames to try and keep my certs for all my sites manageable. Maybe using a different file name and doing the "no cert old" - "cert new" thing will make it recognize the new cert.

I'll give that a try.

Thanks again!

That did the trick. I think the new filename is key.

Thanks a bunch!
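
A client-side check for the behaviour discussed in this thread: poll the VIP with new TLS connections until the certificate it presents matches the new one by SHA-256 fingerprint. This is an added example, not part of the original posts and not Cisco code. It assumes the new certificate is available as a PEM file containing only the leaf certificate; the host and file path are supplied on the command line, and the two PEM constants are constructed placeholders.

```python
import hashlib
import ssl
import sys
import time

# Constructed placeholders: arbitrary base64 bodies, NOT real X.509 certificates.
# They only let the comparison logic run offline.
OLD_PEM = "-----BEGIN CERTIFICATE-----\nb2xkLWNlcnQtYnl0ZXM=\n-----END CERTIFICATE-----\n"
NEW_PEM = "-----BEGIN CERTIFICATE-----\nbmV3LWNlcnQtYnl0ZXM=\n-----END CERTIFICATE-----\n"


def fingerprint(pem):
    """SHA-256 of the DER bytes, so PEM line wrapping does not affect the result."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem.strip())).hexdigest()


def fetch_served_pem(host, port=443):
    """Open a fresh TLS connection and return the leaf certificate presented.
    No chain validation is done here; only the certificate's identity is compared."""
    return ssl.get_server_certificate((host, port))


def wait_for_new_cert(new_pem, fetch, timeout=120.0, interval=5.0,
                      sleep=time.sleep, clock=time.monotonic):
    """Poll with new connections until the served cert equals new_pem.
    Returns (matched, attempts, fingerprint_last_served)."""
    want = fingerprint(new_pem)
    deadline = clock() + timeout
    attempts = 0
    while True:
        attempts += 1
        served = fingerprint(fetch())
        if served == want:
            return True, attempts, served
        if clock() >= deadline:
            return False, attempts, served  # still the old cert: check the config
        sleep(interval)


if __name__ == "__main__":
    # Usage (both arguments are yours to supply): check_vip.py <vip-host> <new-cert.pem>
    host, pem_path = sys.argv[1], sys.argv[2]
    with open(pem_path) as fh:
        new_pem = fh.read()
    ok, tries, fp = wait_for_new_cert(new_pem, lambda: fetch_served_pem(host))
    print(f"match={ok} attempts={tries} served_sha256={fp}")
    sys.exit(0 if ok else 1)
```

A non-zero exit after the timeout means new connections are still being served the old certificate, which is the symptom described in the original question.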
