SSL certificate reimport when replacing appliance?

REJR77
Level 1

Hello,

We have to replace old C160 with new C170.

C160 Appliances have their own SSL certificates for TLS.

We are going to remove one old appliance, join a new appliance to the cluster, and do the same with the second member.

Do we have to reimport the certificate (and private key) when rejoining the cluster with the new C170, or is it made automatically when rejoining the cluster?

Thanks
1 Reply

Mathew Huynh
Cisco Employee

Hey Romain,

 

This would depend on how the certificate is defined on the ESAs in the cluster.

If the certificate is a SAN/wildcard certificate which is defined at the cluster level, then joining your new device into an existing cluster will retrieve all of this same setting and certificate.

 

However, if the certificates are specific machine-level certificates, what I would advise (assuming you still have the C160 in your network) is to go to GUI > Network > Certificates and export the server certificates on the C160 that you want to move to the new device.

Save a password etc.; it will be saved in PKCS#12 format.

 

New C170 added to the cluster.

Override the cluster configuration just at the certificate section, then 'Import' the PKCS#12 certs into the ESA, entering the password that you set when you exported.

 

I hope this helps.

 

Regards,

Matthew
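
A pre-import check for the exported PKCS#12 file described in the reply above, as an added example that is not part of the original thread or any Cisco tooling. It assumes a workstation with the `openssl` CLI; the function name `p12_check` and the `P12_PASS` environment variable are names chosen for this example.

```shell
#!/bin/sh
# Added example: verify an exported PKCS#12 bundle before importing it on the
# replacement appliance. The export password is read from the P12_PASS
# environment variable so it does not appear on any command line.
# Return codes: 0 ok, 2 usage, 3 unreadable bundle, 4 key problem, 5 expired.
p12_check() {
    p12=$1
    [ -n "${P12_PASS:-}" ] || { echo "P12_PASS is not set" >&2; return 2; }
    tmp=$(mktemp -d) || return 2      # mktemp -d creates the directory mode 0700
    rc=0
    # Extract the leaf certificate, then the private key (unencrypted, and
    # only inside the private temp directory, which is removed below).
    openssl pkcs12 -in "$p12" -passin env:P12_PASS -nokeys -clcerts \
        -out "$tmp/cert.pem" 2>/dev/null &&
    openssl pkcs12 -in "$p12" -passin env:P12_PASS -nocerts -nodes \
        -out "$tmp/key.pem" 2>/dev/null || rc=3
    if [ "$rc" -eq 0 ]; then
        # The bundle is only usable for TLS if it carries the private key and
        # that key matches the certificate's public key.
        cert_pub=$(openssl x509 -in "$tmp/cert.pem" -noout -pubkey 2>/dev/null) &&
        key_pub=$(openssl pkey -in "$tmp/key.pem" -pubout 2>/dev/null) &&
        [ "$cert_pub" = "$key_pub" ] || rc=4
    fi
    if [ "$rc" -eq 0 ]; then
        # -checkend 0 fails if the certificate has already expired.
        openssl x509 -in "$tmp/cert.pem" -noout -checkend 0 >/dev/null || rc=5
    fi
    if [ "$rc" -eq 0 ]; then
        openssl x509 -in "$tmp/cert.pem" -noout -subject -enddate
    fi
    rm -rf "$tmp"                     # remove the extracted key material
    case $rc in
        3) echo "cannot read bundle (wrong password or not PKCS#12)" >&2 ;;
        4) echo "private key missing or does not match certificate" >&2 ;;
        5) echo "certificate has expired" >&2 ;;
    esac
    return "$rc"
}

# Stand-alone use: export P12_PASS, then run this script with the .p12 path.
if [ "$#" -ge 1 ]; then
    p12_check "$1"
fi
```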