03-14-2017 02:28 AM - edited 03-18-2019 12:52 PM
Hi,
My Expressway certificates are about to expire.Just wondering is there a way of adding new certs without causing an outage. Is it possible to use the original CSR requests to generate new CA signed certs or do i need to generate new CSR requests on the Expressways. I am conscious that if I generate a new CSR, the expressways will not work until the new certs are uploaded. I am trying to minimize downtime.
Thanks,
Derek
03-14-2017 07:09 AM
Hi Derek,
If you have an existing Server Certificate and you click through to generate a new CSR, the existing server certificate will continue to work.
It will place the CSR and new private key into a separate folder on the system from your current Server Certificate and current Private Key until the signed certificate is uploaded. It will then copy the new certificate you upload and new private key it stored over the top of the old server certificate and old private key.
This document should cover most of the caveats you may be looking for:
http://www.cisco.com/c/dam/en/us/td/docs/telepresence/infrastructure/vcs/config_guide/X8-8/Cisco-VCS-Certificate-Creation-and-Use-Deployment-Guide-X8-8.pdf
-Jonathan
03-14-2017 07:46 AM
thanks for the response. that doc is very helpful;
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide