F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Mic_108850's avatar
Mic_108850
Icon for Altostratus rankAltostratus
May 13, 2010

issue when renew certificate on BIG-IP v10.1

i renew the certificate for mydomaine   i imported the new one provided by Thawte using 'import' function on the existing certificate   it seems ok on the big-ip, i see the new...
config
design
Hamish's avatar
Hamish
Icon for Cirrocumulus rankCirrocumulus
May 13, 2010
Wrong terminology...

 

 

The key is is the secret part of the key pair that was created when you (Or someone else) created the CSR... (A CSR is the public key, plus attributes, e.g. cn= etc.).

 

 

The cert is the CSR that has been cryptographically signed by the CA's private key (So you can use their public key to check the signing).

 

 

It's the CERT that changes... Not the key... (For a renewal you take the same keypair and basically resubmit it to the CA for signing again wit a new expiry date - hence the cert is different). I'll reiterate again that I don't recommend reusing the same for a renewal. Much better to re-create a new keypair using the currently supported max length (Currently 2048 which is also the minimum you should be using).

 

 

H