Forum Discussion
elastic_82555
Nimbostratus
NimbostratusCannot Renew Certifcate and private key ( but keep the same name in F5 config )
Hi,
Am trying to renew the wildcard certificate for our main domain. The CSR is generated elsewhere ( ie not on the F5 ), and have the cert/key from a CA already. The current certificate/key is ...
So another option could be that you create a new certificate and key pair, and then manually edit /config/bigip.conf and replace every instance of the previous certificate and key with the new certificate and key in each of your SSL profiles. Once done, perform a 'tmsh load sys config'. This might also be a bit tedious, but less so than doing it by clicking through the GUI.
elastic_82555Nimbostratus
NimbostratusHi, Ok today I was able to flip over from active to standby. Synchronized both F5's after the flip from active to standy ( standby had the config changes ). On both F5's the certificate seems to be the correct one ( checking the serial number ). However all the VS's are still supplying the old certifcate ( verified by the old serial number still being present ). Have cleared browser caches, and indeed used a virgin vm with a browser, and yes the old certificate is still being served. Seems like something else needs to be done. Ideas welcomed. ( am looking into it at the moment )
- elastic_82555Hi, sorry folks, this was a false alarm, the process I discribed works exactly as is. Had some issues locally with old iApps that are no longer used ( DNS pointing to other F5 ). This was the reason for above comment, and maybe I should have done more testing before posting. Lesson learned. Anyway process all good, and both F5's working, with new certificate.
Cory_50405Noctilucent
Good to hear. Thanks for following up.