12-26-2013 06:21 PM
Hello,
I have run into the issue where stanby unit lost all configs. All has been restored and most certs and key transfered over but i have run into the issue with the wild characters names certificats. Does anyone have any suggestion how to eport them and import back to stanby unit? Example would be *.example.com i am unable to export those certificats using same name. Please help....
Solved! Go to Solution.
12-27-2013 07:20 AM
Hi,
You mean you are not able to "export" the certificate which has * in the name?
I recently opened a bug where certificate name will not accept * in the name.
CSCul56636: ACE doesn't accept certificate with * in certificate name.
Now if it was there and no upgrade happened it shouldn't be an issue. But you can try and copy the certificate from terminal and paste it in standby but don't use * in certificate name.
Let me know if that helps.
Regards,
Kanwal
12-27-2013 07:20 AM
Hi,
You mean you are not able to "export" the certificate which has * in the name?
I recently opened a bug where certificate name will not accept * in the name.
CSCul56636: ACE doesn't accept certificate with * in certificate name.
Now if it was there and no upgrade happened it shouldn't be an issue. But you can try and copy the certificate from terminal and paste it in standby but don't use * in certificate name.
Let me know if that helps.
Regards,
Kanwal
12-27-2013 08:25 AM
Thank you for this information, exacly i have certs on the active units with *. name. I i will copy from terminal certs how can i import them, i will have to use other name the *. on the stand by unit will i? Can you advice if you know how we can resolve this issue to make stanby unit back to staby hot?
Regards,
Lukasz,
12-27-2013 08:42 AM
I can not import that cert with *. name either therfore can i use different name, how this will work between active and standby will this not require same cert name? Do you know of any solution how i can sync up those * certs between active and stanby?
12-27-2013 09:39 AM
Hi,
You can use crypto import terminal and paste the cert in standby as well. But you are right. You should have the same name in standby as well. It is really weird that units running the same software version are behaving in a different way i.e one accepting the certifcate name with * in it and one is not. You can probably change on both of them. Omit * from the certificate names on both of them. Don't know of an easy way to do that. Sorry:(
Which version are you running? Can you tell me the certificate name which you trying to use and cert too? You can paste it here.
Regards,
Kanwal
12-27-2013 09:47 AM
Hello,
Thank you again for your replay, i think we have figure it out, worry here was also we will not able able to delete those *. certs.
I am running version :
Version A5(1.2) [build 3.0(0)A5(1.2)
Answer to your question why one is accepting cert and other not it is because we have migrate from old version to new one, and previously standby unit got reload and all configs and certs get erased (not sure why, we just reload that box)
What we will do is export current *. certs and import them back then change on proxy from old name to new one and do the same thing on the active stand by box. That should resolve this issue.
Thank you for your help with explaining the bug...we god now.
Regards,
12-27-2013 09:51 AM
Hi,
Yes the bug was found in that version. And you are right. That is only way here(the one you are doing) to resolve the issue.
Regards,
Kanwal
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide