Re: ACE MOD20 A2(3.0) Can't seem to get rid of expired CERTs.

geraldjacksontx · ‎08-29-2012

I created expired certs. Did my setup. Everything is working, but found that I had created the certs with expired CERTS.

I recreated the certs for a future date. I do a sh crypto cert all. They show the proper day. Tested it with a broswer and it is the old dates.

I remove the policy multi

no class

no ssl prox

Re imported the cert and configs and still show the old dates.

Unfortually this is in Operations and I can't reboot.

Jorge Bejarano · ‎08-29-2012

Hi Cecil,

Did you try to remove all the old certificates from the ssl-proxy server and also from the configuration like this:

# crypto delete MYRASKEY.PEM

can you show #show crypto crl all and #show crypto files?

Jorge

Jorge Bejarano · ‎08-30-2012

You can try this as well.

#############################################################################################

-Make sure new certificates were updated in the standby as well

-Manually toggle the ft to synchronize the certificates:

ACE-71/Admin(config)# no ft auto-sync running-config

ACE-71/Admin(config)# no ft auto-sync startup-config

ACE-71/Admin(config)# ft auto-sync running-config

ACE-71/Admin(config)# ft auto-sync startup-config

-Check the validity of the certificate and the key like this:

# crypto verify tac-key tac-cert

Keypair in tac-key matches certificate in tac-cert.

-finally you can bounce the ssl proxy service and that updates the certificates in the browser

#############################################################################################

Jorge