replacing SSL keys and certificates for already defined services
I have about 10 new 2048-bit keys and certs to replace existing 1024 bit keys and certs on my CSS11500 with SSL modules.
I'm trying to figure out my options, now that I've got the files SFTP'ed to the CSS.
I can create a new startup-config file for the CSS with the new files referenced by the SSL associate commands in the startup-config. This will require a reboot (not desired).
I can come up with new associations for the new files, then suspend the ssl-proxy-list and edit it to use the new associations. This doesn't require a reboot but then I have to clear out the old associations before I can delete the old key/cert files.
Is there any way to force the CSS to "overwrite" an existing SSL association without rebooting the CSS?
In the previous article, we have seen, how to assign IP Address to Cisco UCS Management Interface. This way we gain access to the on-board management software called Cisco Integrated Management Controller (CIMC).
The next step of building UCS Server ...
How does everyone feel about service graphs in a brownfield network centric cutover? maybe I'm an old school engineer but I was taught that if you have to do a Pbr then your design is wrong. they are a pain to troubleshoot because you always f...
To participate in this event, please use the button to ask your questions
This special event - formerly known as Ask the Expert- is open only to Cisco Customers and Partners.
Many pages in the Cisco Community are acce...
Going to Cisco LIVE EMEAR 2020? Give your Data Center agenda a boost with these top recommended sessions. Register and join us!
Data Center Networking:
From Reactive to Proactive NetOps With Cisco Network Assurance and Insights- The Power of Data...