cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
479
Views
0
Helpful
1
Replies

replacing SSL keys and certificates for already defined services

tim.metzinger
Level 1
Level 1

I have about 10 new 2048-bit keys and certs to replace existing 1024 bit keys and certs on my CSS11500 with SSL modules.

I'm trying to figure out my options, now that I've got the files SFTP'ed to the CSS.

I can create a new startup-config file for the CSS with the new files referenced by the SSL associate commands in the startup-config. This will require a reboot (not desired).

I can come up with new associations for the new files, then suspend the ssl-proxy-list and edit it to use the new associations. This doesn't require a reboot but then I have to clear out the old associations before I can delete the old key/cert files.

Is there any way to force the CSS to "overwrite" an existing SSL association without rebooting the CSS?

1 Reply 1

vmoopeung
Level 5
Level 5

"Clear file filename "password" commad will help you to clear SSL certificates and private keys from the CSS that are no longer valid.

Please check if the below URL: could help:

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v7.40/command/reference/CmdGenA.html#wp1030153

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: