Forum Discussion
elastic_82555
Nimbostratus
NimbostratusCannot Renew Certifcate and private key ( but keep the same name in F5 config )
Hi,
Am trying to renew the wildcard certificate for our main domain. The CSR is generated elsewhere ( ie not on the F5 ), and have the cert/key from a CA already. The current certificate/key is ...
So another option could be that you create a new certificate and key pair, and then manually edit /config/bigip.conf and replace every instance of the previous certificate and key with the new certificate and key in each of your SSL profiles. Once done, perform a 'tmsh load sys config'. This might also be a bit tedious, but less so than doing it by clicking through the GUI.
elastic_82555Nimbostratus
NimbostratusCory, Deleting key or cert is not possible, as they are in use. So, F5 ( by design ) does not let you do this.
afedden, Yes, you can do this, but, and here is maybe a design issue for me, all my iApps use a different ssl profile. So, every iApp has a unique ssl profile ( maybe not my finiest moment of design ). So, maybe there is where the uniqueness of my issue comes. I opted to have one ssl profile per iApp. Now I have several hundred iApps and several hundred ssl profiles. Yes, seems crazy now written down, and hindsight is a wonderfull thing, but the basic issue, is a simple change of certificate/key has turned into a pretty major change affecting every iAPP.