Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
491
Views
0
Helpful
1
Replies

replacing SSL keys and certificates for already defined services

tim.metzinger
Level 1
Level 1

‎08-14-2009 07:03 AM

I have about 10 new 2048-bit keys and certs to replace existing 1024 bit keys and certs on my CSS11500 with SSL modules.

I'm trying to figure out my options, now that I've got the files SFTP'ed to the CSS.

I can create a new startup-config file for the CSS with the new files referenced by the SSL associate commands in the startup-config. This will require a reboot (not desired).

I can come up with new associations for the new files, then suspend the ssl-proxy-list and edit it to use the new associations. This doesn't require a reboot but then I have to clear out the old associations before I can delete the old key/cert files.

Is there any way to force the CSS to "overwrite" an existing SSL association without rebooting the CSS?

Labels:
0 Helpful
1 Reply 1

vmoopeung
Level 5
Level 5

‎08-20-2009 07:50 AM

"Clear file filename "password" commad will help you to clear SSL certificates and private keys from the CSS that are no longer valid.

Please check if the below URL: could help:

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v7.40/command/reference/CmdGenA.html#wp1030153

0 Helpful
Customers Also Viewed These Support Documents