Forum Discussion

John_Van_Zant's avatar
Icon for Altostratus rankAltostratus
Aug 29, 2022

LTM HA Pair SSL Certs

Hi all, I have an LTM HA pair and I have been renewing the client certs on each when the certs are expiring.  My question is do I need to do this to each of the pair?  I have been renewing and getti...
  • CA_Valli's avatar
    Aug 30, 2022

    Hello, client certificate repository is syncronized in a HA cluster so if you need to renew client certificate you can just do it on one unit and then perform config sync. Usually, import new key first and then import new certificate. If you're creating a new object, you will also need to modify clientSSL profiles and refer the new certificate/key pair and eventually new trust chain as well. 

  • Mohamed_Salah_'s avatar
    Aug 30, 2022


    Sorry, I though he was asking about the device certificate itself. For the client ceritificate for any service, it can be synced betwen the HA pair as CA_Valli mentioned.