
NS-OS crypto certificate renewal

dmgeurts
Level 1

While there are numerous sources out there detailing how to configure a trustpoint and add a CA and certificate to it, I've yet to find any details about updating a certificate once it expires.

Some of the things we've tried or considered:

  • Re-import the cert using pkcs12 file import: fails because the key already exists.
  • Delete the cert from the truststore: "Last generic identity certificate for the switch. Delete not allowed. Please use force option if required."
  • Add a second truststore, which trusts the same CA. It seems cumbersome to me if one has to create a new truststore each time a certificate needs to be renewed. Plus this requires reconfiguration of a service when a certificate is renewed, which would make for a complex automation process.
  • Use the bash shell to manipulate the cert file. I'm not sure how a service like GRPC would then pick up the updated cert, as I'm not sure if the cert is read from file or config.

Surely there's an easy way to do this? Or does everyone just configure their GRPC clients to ignore invalid certificates?
