1: After upgrading software, do I need to re-issue the certificate from CA and then generate private key ?
Answer: No, the key and certificate will remain on the CSS.
2: Can I backup existing certificate and private key to re-use/import after upgrading software ? that means I do not need to re-issue the certificate from CA.
Answer: If you want, you can export the Certificate and Key using the command "copy ssl export"
Second question:
This CSS is configured to execute SSL keepalive to real servers. After upgrading software, Does CSS recognize that real servers are ALIVE automatically or do I need some manual operation to get CSS recognized real servers are ALIVE ?
Answer: As part of the upgrade process, the CSS will reboot. Once it comes back up, keepalives will automatically begin again without any intervention.
Hope this helps.
Greg Scarlett
APAC TAC