Re: updating Iapp from SHA-1 to SHA-256

In my experience --

 

My unfiltered thoughts: A cert is a cert no matter how / where it is made.

 

To modify the certificate to SHA-256, you "renew" the certificate and apply for a new SHA-256 certificate with the same CN and SAN's. --or modified / new SAN's

 

OR -- Create a new SSL profile with the SHA256 certificate and apply it to the VS's you want updated.

 

When you receive the new certificate: Paste in the hash to the certificate you renewed.

 

I have updated hundreds of SSL profiles with expired certs, with the same CN and SAN's or modified SAN. When one connects to a VIP, their session has already negotiated. When you apply the new certificate, everyone after the modification will then use the SHA-256.

 

-- Before I left my last job, I tested this with success. --No calls ha!

 

My cheat

 

I use the F5 to create all of my certificates. :) Cuts down on the time to type the commands.. haha!

 

-Just don't convert it to FIPS or you are Skeee Rewwwed! You can export the Certs to whatever server you want.