For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

SLChamberlin's avatar
SLChamberlin
Icon for Nimbostratus rankNimbostratus
Apr 24, 2014

Open HTTPS connections during SSL cert overwrite

An CA SSL cert & key were imported for use in SSL offloading and are working. The CA cert is nearing the expiration data. The plan is to import and overwrite the old cert and key with a new cert an...
application delivery
LTM
management
TMOS
nitass's avatar
nitass
Icon for Employee rankEmployee
Apr 24, 2014

if key is changed when renewing, i think you have to create new certificate and key names and then assign the new certificate and key to clientssl profile. the change could affect only new connection. the existing connection should use the old configuration.

 

sol13253: Configuration changes to local traffic objects do not affect existing connections

 

http://support.f5.com/kb/en-us/solutions/public/13000/200/sol13253.html

 

  • omniplex's avatar
    omniplex
    Icon for Nimbostratus rankNimbostratus
    Apr 24, 2014
    I've also found that depending on the version that if the cert and key are already loaded into memory, you need to do something to cause the files to be re-read. Either changing the profile to something else and then back or reloading the configuration. Depending on your setup, you could update the standby device if this is in an HA pair, and fail over to that device and then update the previous device.