Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
689
Views
0
Helpful
3
Replies

CSS Licence Renewal

Go to solution
jchakrabarty
Level 1
Level 1

‎09-24-2014 03:20 AM

 

I have CSS11501S-C-K9 with 8.10.1.06 and certificate is expires within a week. What is the procedure to update new certificate and is there any downtime required to update certificate?

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Kanwaljeet Singh
Cisco Employee
Cisco Employee

‎09-24-2014 05:06 AM

Hi,

To renew the certificates you need to generate the CSR and go to the CA, give it that CSR and get the certificate. For details kindly visit the below link:

http://www.cisco.com/c/en/us/td/docs/app_ntwk_services/data_center_app_services/css11500series/v8-10/configuration/ssl/guide/sslgd/certkeys.html

Visit section:

Using an RSA Key to Generate a Certificate Signing Request

The link also lists procedure of importing the certificate and how to associate it with SSL-Proxy.

Also, you should do this in downtime since you won't be able to modify active SSL-List.

Let me know if you have any questions.

Regards,

Kanwal

Note: Please mark answers if they are helpful.

 

View solution in original post

0 Helpful

Go to solution
Kanwaljeet Singh
Cisco Employee
Cisco Employee
In response to jchakrabarty

‎09-24-2014 12:40 PM

Hi Arun,

You can use that RSA key pair to generate the CSR request and then send this request to CA for getting a certificate which you would import. And yes you can import the certificate in same name. But you would need to delete the old one. Have a look at this step by step installation:

http://www.cisco.com/c/en/us/support/docs/application-networking-services/css-11500-series-content-services-switches/47781-req-serv-cert.html

Again, in your case you would need to suspend and activate the SSL proxy list.

You can also look at the expired intermediate cert replacement steps and they are good for normal cert too.

http://www.cisco.com/c/en/us/support/docs/application-networking-services/css-11500-series-content-services-switches/47780-expired-verisign.html

Regards,

Kanwal

Note: Please mark answers if they are helpful.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Kanwaljeet Singh
Cisco Employee
Cisco Employee

‎09-24-2014 05:06 AM

Hi,

To renew the certificates you need to generate the CSR and go to the CA, give it that CSR and get the certificate. For details kindly visit the below link:

http://www.cisco.com/c/en/us/td/docs/app_ntwk_services/data_center_app_services/css11500series/v8-10/configuration/ssl/guide/sslgd/certkeys.html

Visit section:

Using an RSA Key to Generate a Certificate Signing Request

The link also lists procedure of importing the certificate and how to associate it with SSL-Proxy.

Also, you should do this in downtime since you won't be able to modify active SSL-List.

Let me know if you have any questions.

Regards,

Kanwal

Note: Please mark answers if they are helpful.

 

0 Helpful

Go to solution
jchakrabarty
Level 1
Level 1

‎09-24-2014 12:28 PM

Thanks Kanwal.

I already have rsa key whether I have to regenerate RSA once again or only certificate has to import.

 

Also is it allow to import certificate in the same name which is expiring now>?

 

Regards,

Arun V S

 

0 Helpful

Go to solution
Kanwaljeet Singh
Cisco Employee
Cisco Employee
In response to jchakrabarty

‎09-24-2014 12:40 PM

Hi Arun,

You can use that RSA key pair to generate the CSR request and then send this request to CA for getting a certificate which you would import. And yes you can import the certificate in same name. But you would need to delete the old one. Have a look at this step by step installation:

http://www.cisco.com/c/en/us/support/docs/application-networking-services/css-11500-series-content-services-switches/47781-req-serv-cert.html

Again, in your case you would need to suspend and activate the SSL proxy list.

You can also look at the expired intermediate cert replacement steps and they are good for normal cert too.

http://www.cisco.com/c/en/us/support/docs/application-networking-services/css-11500-series-content-services-switches/47780-expired-verisign.html

Regards,

Kanwal

Note: Please mark answers if they are helpful.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents