Solved: How to install SSL certificate on the second ACE in the HA pair

grichardson661 · ‎08-21-2012

Hi,

I'm struggling to figure out how to install a certificate (.p7b and .crf) on my second ACE in a HA pair.

On ACE01 i generated a CSR and gave the details to our SSL provider, they provided the certificates and i imported them. All good there.

How can i install the same SSL on ACE02 if i haven't generated a CSR on my backup devicde, or do i generate a CSR and import the same certificate?

Since bringing the ACE's into HA all contexts have sync'd and the backup ACE is in 'hot standby' state. But one context fails the sync and i think this is because the SSL certificate is not installed correctly on the second ACE02.

Anybody got any ideas, suggestions?

Cheers

sivaksiv · ‎08-21-2012

Yes try using the same cert on ACE02 with the key you just exported. Verify using "crypto verify .." to see if they match.

-

Siva

View solution in original post

sivaksiv · ‎08-21-2012

Hi,

If you already have the cert and key on the Active ACE, then you just need to export them using "crypto export ..." command from Active ACE and then import to the standby ACE using "crypto import ..."

Regards,

Siva

grichardson661 · ‎08-21-2012

Sweet as easy as that. I'll give it ago, cheers!

grichardson661 · ‎08-21-2012

I've managed to export the key but the CERT is none exportable. Can i use the crt file on ACE02?

Cheers

sivaksiv · ‎08-21-2012

Yes try using the same cert on ACE02 with the key you just exported. Verify using "crypto verify .." to see if they match.

-

Siva

grichardson661 · ‎08-22-2012

Thanks Sivaksiv, very helpful! Will give it ago and feedback.