Forum Discussion

elastic_82555's avatar
elastic_82555
Icon for Nimbostratus rankNimbostratus
Apr 16, 2014

Cannot Renew Certifcate and private key ( but keep the same name in F5 config )

Hi, Am trying to renew the wildcard certificate for our main domain. The CSR is generated elsewhere ( ie not on the F5 ), and have the cert/key from a CA already. The current certificate/key is ...
ASM Advanced WAF
devops
iApps
management
security
  • Cory_50405's avatar
    Cory_50405
    Apr 16, 2014

    So another option could be that you create a new certificate and key pair, and then manually edit /config/bigip.conf and replace every instance of the previous certificate and key with the new certificate and key in each of your SSL profiles. Once done, perform a 'tmsh load sys config'. This might also be a bit tedious, but less so than doing it by clicking through the GUI.

     

Cyril_M's avatar
Cyril_M
Icon for Altostratus rankAltostratus
Oct 01, 2014

Hi, what I would do in your case is 1- synchronize active and passive devices 2- use the passive device for your manipulation 3- force the passive device to "push config to group" and your main device will have the proper configuration

 

Regarding the step 2, if you want to use the GUI you'll have to delete the certificate & key, then recreate it with the same name ... Possible only if prior to this operation you removed the certificate from the SSL profiles that use it ... If it's too long using GUI you'll have to edit the bigip.conf and use "sed" to replace what you want to replace :)

 

cheers

 

Related Content