08-31-2006 12:16 PM
In the CSS 11500 documentation for versions 7.3 and earlier, all references to self-signed certificates say that they expire in 30 days. In later versions, the documentation says both 30 days and one year. For example in this doc on version 7.4, http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/css_740/sslgd/certkeys.pdf , it says "A generated certificate is temporary and expires in one year" on page 4 and "A generated certificate
is temporary and expires in 30 days" on page 10. Perhaps it changed from 30 days to one year in version 7.4 and they missed the reference to it on page 10? I checked the release notes and no mention of it was made.
Solved! Go to Solution.
09-01-2006 12:03 AM
It used to be 30 days but from looking at the code, I can see that the time in version 8.10 is 1 year 1 month 1 day.
I would however recommend to use openssl on a server instead of the CSS.
This is easier to control these kind of parameters.
Thanks,
Gilles.
09-01-2006 12:03 AM
It used to be 30 days but from looking at the code, I can see that the time in version 8.10 is 1 year 1 month 1 day.
I would however recommend to use openssl on a server instead of the CSS.
This is easier to control these kind of parameters.
Thanks,
Gilles.
09-01-2006 06:16 AM
I suspected that it had been changed. Thanks for the openssl recommendation, but the ultimate goal is to offload SSL termination from the servers, which are at very high utilization, while the CSSs aren't even breathing hard. The self-signed cert is just for the test lab. Verisign certs are used in production. Thanks!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide