Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
280
Views
0
Helpful
1
Replies

What is the consideration about SSL when upgrading CSS software

snakayama
Level 3
Level 3

‎06-19-2007 09:46 PM

Hi everyone,

I plan to upgrade CSS software from 07.30.1.06 to 07.50.3.03. The SSL module is installed in this CSS and CSS uses certificate from CA for user authentication.

So I would like to know what the answer for the following two question are.

First question:

1: After upgrading software, do I need to re-issue the certificate from CA and then generate private key ?

and/or

2: Can I backup existing certificate and private key to re-use/import after upgrading software ? that means I do not need to re-issue the certificate from CA.

and/or

3: Is the certificate maintained on CSS disk even after upgrading software ? that means I do not need to re-issue the certificate from CA and also backup certificate.

Second question:

This CSS is configured to execute SSL keepalive to real servers. After upgrading software, Does CSS recognize that real servers are ALIVE automatically or do I need some manual operation to get CSS recognized real servers are ALIVE ?

Would you please let me know if you have any comment and any information.

Best regards,

Shinichi

Labels:
0 Helpful
1 Reply 1

Gregory Scarlett
Cisco Employee
Cisco Employee

‎06-20-2007 04:11 AM

1: After upgrading software, do I need to re-issue the certificate from CA and then generate private key ?

Answer: No, the key and certificate will remain on the CSS.

2: Can I backup existing certificate and private key to re-use/import after upgrading software ? that means I do not need to re-issue the certificate from CA.

Answer: If you want, you can export the Certificate and Key using the command "copy ssl export"

Second question:

This CSS is configured to execute SSL keepalive to real servers. After upgrading software, Does CSS recognize that real servers are ALIVE automatically or do I need some manual operation to get CSS recognized real servers are ALIVE ?

Answer: As part of the upgrade process, the CSS will reboot. Once it comes back up, keepalives will automatically begin again without any intervention.

Hope this helps.

Greg Scarlett

APAC TAC

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents