Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Changing certificates with active ssl-proxy-list


we have a customer who owns round about 6000 Domains.

For more than a few domains there are ssl certificates which change from time to time...

Is there a possibility to change a certificate, add or remove it whithout suspending the proxy-list?

I think, this feature is a very basic part, because all ssl domains are not responding if the list or the service related to this list is suspended.

Do you know, if this problem is known and will be fixed in later releases?

thanks in advance,


New Member

Re: Changing certificates with active ssl-proxy-list


As you have found out, "the only way to upgrade a cert/key pair on the CSS is to suspend the

proxy list then make the change.

However, with redundant CSS, the best way is to make cert/key changes on the backup CSS, then the other CSS. This will not disrupt service."

I have searched the archives of requests to the development team and that answer seems to be consistent. (I did not just make up the answer, it is basically a cut-and-paste of previous answers from development)

I am not aware of any effort to change this, as it is a fundamental requirement of how it was designed.

Hope that helps...


CreatePlease to create content