Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CSS Licence Renewal

 

I have CSS11501S-C-K9 with 8.10.1.06 and certificate is expires within a week. What is the procedure to update new certificate and is there any downtime required to update certificate?

2 ACCEPTED SOLUTIONS

Accepted Solutions
Cisco Employee

Hi,To renew the certificates

Hi,

To renew the certificates you need to generate the CSR and go to the CA, give it that CSR and get the certificate. For details kindly visit the below link:

http://www.cisco.com/c/en/us/td/docs/app_ntwk_services/data_center_app_services/css11500series/v8-10/configuration/ssl/guide/sslgd/certkeys.html

Visit section:

Using an RSA Key to Generate a Certificate Signing Request

The link also lists procedure of importing the certificate and how to associate it with SSL-Proxy.

Also, you should do this in downtime since you won't be able to modify active SSL-List.

Let me know if you have any questions.

Regards,

Kanwal

Note: Please mark answers if they are helpful.

 

Cisco Employee

Hi Arun,You can use that RSA

Hi Arun,

You can use that RSA key pair to generate the CSR request and then send this request to CA for getting a certificate which you would import. And yes you can import the certificate in same name. But you would need to delete the old one. Have a look at this step by step installation:

http://www.cisco.com/c/en/us/support/docs/application-networking-services/css-11500-series-content-services-switches/47781-req-serv-cert.html

Again, in your case you would need to suspend and activate the SSL proxy list.

You can also look at the expired intermediate cert replacement steps and they are good for normal cert too.

http://www.cisco.com/c/en/us/support/docs/application-networking-services/css-11500-series-content-services-switches/47780-expired-verisign.html

Regards,

Kanwal

Note: Please mark answers if they are helpful.

3 REPLIES
Cisco Employee

Hi,To renew the certificates

Hi,

To renew the certificates you need to generate the CSR and go to the CA, give it that CSR and get the certificate. For details kindly visit the below link:

http://www.cisco.com/c/en/us/td/docs/app_ntwk_services/data_center_app_services/css11500series/v8-10/configuration/ssl/guide/sslgd/certkeys.html

Visit section:

Using an RSA Key to Generate a Certificate Signing Request

The link also lists procedure of importing the certificate and how to associate it with SSL-Proxy.

Also, you should do this in downtime since you won't be able to modify active SSL-List.

Let me know if you have any questions.

Regards,

Kanwal

Note: Please mark answers if they are helpful.

 

New Member

Thanks Kanwal.I already have

Thanks Kanwal.

I already have rsa key whether I have to regenerate RSA once again or only certificate has to import.

 

Also is it allow to import certificate in the same name which is expiring now>?

 

Regards,

Arun V S

 

Cisco Employee

Hi Arun,You can use that RSA

Hi Arun,

You can use that RSA key pair to generate the CSR request and then send this request to CA for getting a certificate which you would import. And yes you can import the certificate in same name. But you would need to delete the old one. Have a look at this step by step installation:

http://www.cisco.com/c/en/us/support/docs/application-networking-services/css-11500-series-content-services-switches/47781-req-serv-cert.html

Again, in your case you would need to suspend and activate the SSL proxy list.

You can also look at the expired intermediate cert replacement steps and they are good for normal cert too.

http://www.cisco.com/c/en/us/support/docs/application-networking-services/css-11500-series-content-services-switches/47780-expired-verisign.html

Regards,

Kanwal

Note: Please mark answers if they are helpful.

63
Views
0
Helpful
3
Replies
CreatePlease login to create content