Forum Discussion
CirrusCan we just update certificate and not its key?
Hi, The certificate is going to expire. So we need to update the certificate. Do you think we still need to update its key? It looks like that the key does not have expiration. Thank you
7 Replies
- Saravanan_M_K
Employee
The certificate is going to expire. So we need to update the certificate. Do you think we still need to update its key? It looks like that the key does not have expiration.
That depends on how you renewed your certificate. Some people, generate a new pair of public/private key when they renew the certificate. In such case, the renewed certificate will be as good as a brand new certificate. In such cases, the private key will change and hence you need to import it. If you are using the same old key pair (public/private key) for the renewed certificate, then there is no need to import the key again.
Samir_Jha_52506Noctilucent
It's simple, if your vendor release certificate based on your old csr, in that case just renew certificate only. If you have generated new csr then update both(key & cert) in lb.
eesun_276598If we generate csr, how/where can we get the key?
- Samir_Jha_52506
Cool.. Log in to the Configuration utility.
Navigate to System > File Management > SSL Certificates List. Search "CSR name which you have generated on LB" example: xyz.geo.com click on "xyz.geo.com" --> You will see two tab 1. Certificate 2. Key Click on Key Tab " export it"https://support.f5.com/kb/en-us/solutions/public/14000/600/sol14620.html
- eesun_276598
That means that I can use the new certificate and the old key, right?
- Samir_Jha_52506
Match the hash checksum value before applying certificate.
Vish04_293402Nimbostratus
Yes, if the conditions mentioned above allows.
