LTM HA Pair SSL Certs
I have an LTM HA pair and I have been renewing the client certs on each when the certs are expiring. My question is do I need to do this to each of the pair? I have been renewing and getting a csr on lb1 and then doing the same on lb2. Am I doing twice the work. I was wondering if I did it on lb1 and then used configsync to copy it over. It would save me some time and work in my enterprise.
Hello, client certificate repository is syncronized in a HA cluster so if you need to renew client certificate you can just do it on one unit and then perform config sync. Usually, import new key first and then import new certificate. If you're creating a new object, you will also need to modify clientSSL profiles and refer the new certificate/key pair and eventually new trust chain as well.