Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

CSS self-signed cert expiration, 30 days or 1 year?

In the CSS 11500 documentation for versions 7.3 and earlier, all references to self-signed certificates say that they expire in 30 days. In later versions, the documentation says both 30 days and one year. For example in this doc on version 7.4, http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/css_740/sslgd/certkeys.pdf , it says "A generated certificate is temporary and expires in one year" on page 4 and "A generated certificate

is temporary and expires in 30 days" on page 10. Perhaps it changed from 30 days to one year in version 7.4 and they missed the reference to it on page 10? I checked the release notes and no mention of it was made.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: CSS self-signed cert expiration, 30 days or 1 year?

It used to be 30 days but from looking at the code, I can see that the time in version 8.10 is 1 year 1 month 1 day.

I would however recommend to use openssl on a server instead of the CSS.

This is easier to control these kind of parameters.

Thanks,

Gilles.

2 REPLIES
Cisco Employee

Re: CSS self-signed cert expiration, 30 days or 1 year?

It used to be 30 days but from looking at the code, I can see that the time in version 8.10 is 1 year 1 month 1 day.

I would however recommend to use openssl on a server instead of the CSS.

This is easier to control these kind of parameters.

Thanks,

Gilles.

New Member

Re: CSS self-signed cert expiration, 30 days or 1 year?

I suspected that it had been changed. Thanks for the openssl recommendation, but the ultimate goal is to offload SSL termination from the servers, which are at very high utilization, while the CSSs aren't even breathing hard. The self-signed cert is just for the test lab. Verisign certs are used in production. Thanks!

113
Views
0
Helpful
2
Replies
CreatePlease to create content