Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

replacing SSL keys and certificates for already defined services

I have about 10 new 2048-bit keys and certs to replace existing 1024 bit keys and certs on my CSS11500 with SSL modules.

I'm trying to figure out my options, now that I've got the files SFTP'ed to the CSS.

I can create a new startup-config file for the CSS with the new files referenced by the SSL associate commands in the startup-config. This will require a reboot (not desired).

I can come up with new associations for the new files, then suspend the ssl-proxy-list and edit it to use the new associations. This doesn't require a reboot but then I have to clear out the old associations before I can delete the old key/cert files.

Is there any way to force the CSS to "overwrite" an existing SSL association without rebooting the CSS?


Re: replacing SSL keys and certificates for already defined serv

"Clear file filename "password" commad will help you to clear SSL certificates and private keys from the CSS that are no longer valid.

Please check if the below URL: could help:

CreatePlease to create content