Forum Discussion
F5_324021
Cirrus
CirrusExporting SSL Certificate to another BIG IP
Hello,
We are upgrading our F5 boxes and we need to to move all the traffic SSL certificates to a new box.
The certificates that are on the old box was signed by a CA after generating a CSR from the box itself.
Should we do the same for the new box or simply export the signed SSL traffic certificate to it without resigning the Cert from a new CSR generated from the new box.
Please advise.
Thank you.
I have done the changes successfully, and it worked by simply uploading the signed cert with the key and the cert key chain from the signed authority side.
Thanks :)
F5_Digger_13600Hi
Based on your explanation, it seems the certs are all self-signed and they are already associated with with virtual servers through client or server ssl profiles.
If that is the case, I would vote for recreating self-signed certs and key on the new box but use the same cert and key name so that you don't need to change anything from existing client or server ssl profile.
One catch would be to import certs and key first before you import client and server ssl profiles.
RaghavendraSYAltostratus
You can export certificates and key from F5-A and import in F5-B. While importing please import both certificate and key separately. It works fine and we did same in our environment
- RaghavendraSY
Import both certificate and key separately with same name.
F5_324021Hello ,
Thanks for your replies,
So no need to regenerate a CSR from the new box?
simply exporting the SSL traffic Cert and its key will work?without the CSR presented on the box?
SnlCirrostratus
you can use certificate archive option were you can select key and certificate and restore to another bigip without any issue
- F5_324021
I have done the changes successfully, and it worked by simply uploading the signed cert with the key and the cert key chain from the signed authority side.
Thanks :)