Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Changing certificates with active ssl-proxy-list

Hallo,

we have a customer who owns round about 6000 Domains.

For more than a few domains there are ssl certificates which change from time to time...

Is there a possibility to change a certificate, add or remove it whithout suspending the proxy-list?

I think, this feature is a very basic part, because all ssl domains are not responding if the list or the service related to this list is suspended.

Do you know, if this problem is known and will be fixed in later releases?

thanks in advance,

rené

1 REPLY
New Member

Re: Changing certificates with active ssl-proxy-list

René,

As you have found out, "the only way to upgrade a cert/key pair on the CSS is to suspend the

proxy list then make the change.

However, with redundant CSS, the best way is to make cert/key changes on the backup CSS, then the other CSS. This will not disrupt service."

I have searched the archives of requests to the development team and that answer seems to be consistent. (I did not just make up the answer, it is basically a cut-and-paste of previous answers from development)

I am not aware of any effort to change this, as it is a fundamental requirement of how it was designed.

Hope that helps...

-Steve

214
Views
0
Helpful
1
Replies
CreatePlease to create content