Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Replaced SSL Certs do not take effect - ACE

Hi,

I have replaced the SSL certs with the other ones on ACE module. Still the old Cert pops up while accessing the webpage via SSL proxy on ACE.

I removed ssl-proxy from policy-maps. Did 'no key', 'no cert' and then added key, cert to the ssl-proxy service and put back ssl-proxy onto the policy-map.

Is something else required to ensure the change of SSL certs.

6 REPLIES
Cisco Employee

Re: Replaced SSL Certs do not take effect - ACE

Remove the service-policy from all interfaces and re-configure it.

Gilles.

New Member

Re: Replaced SSL Certs do not take effect - ACE

Yes, it worked. But this option has an impact in Production. The live traffic would be affected I believe due to removing of the service policy. Any alternative ?

The 'Application Networking' forum on NetPro has slowed down quite a lot. Not many posts/exchanges are seen anymore...

Cisco Employee

Re: Replaced SSL Certs do not take effect - ACE

Do you run version A2(1.3) ?

I thought this issue to remove the policy-map was fixed in that release.

G.

New Member

Re: Replaced SSL Certs do not take effect - ACE

I am running the following version

Software

loader: Version 12.2[121]

system: Version 3.0(0)A1(6.3a) [build 3.0(0)A1(6.3a) adbuild_02:16:25-2008

Bronze

Re: Replaced SSL Certs do not take effect - ACE

Are the cert filenames for your old and and the new one identical? If yes, try to upload the file with different name and then change it in the config. I remember a thread where that was the issue. Usually you can easily switch the certs in you production environment.

old cert: foo-bar.cert

new cert: foo-bar09.cert

That might solve your problem. You also have to change the reference to the your cert and/or the key if that should have changed as well in the ssl-proxy part of the config.

Roble

Cisco Employee

Re: Replaced SSL Certs do not take effect - ACE

Ok, this confirms my suspicion.

This issue was fixed in A2(1.x)

You should upgrade if you do not want to have to remove the policy each time you update the certificate.

146
Views
5
Helpful
6
Replies