Forum Discussion

Nimbostratus

Oct 19, 2016

Renewing SSL certificate for SSL offload - question regarding CSR creation

We are doing SSL Offload (encrypt to clients, plaintext to servers) using a cert that needs to be renewed. The server admin sent us the .crt and .key files that apparently he generated from the serve...

application delivery

LTM

AJ_01_135899
Oct 19, 2016
If you have both the key and the cert, it shouldn't matter that it was generated on the server itself. Just import them both and configure the Client SSL profile to apply to the VIP.

AJ_01_135899

Cirrostratus

Oct 19, 2016

Obviously the safe answer would be to wait until after hours.

That said, this would be a quick rollout and rollback. To make the rollout and rollback faster you could create a new Client SSL profile (assuming there's only one VIP using this Client SSL profile), and just apply the new profile to the VIP. Rollback would be reverting to the old profile.

Just for thoroughness' sake, are there any intermediate certificates in the existing Client SSL profile?

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Renewing SSL certificate for SSL offload - question regarding CSR creation

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

AS3 w/ certificates and renewals..

Automating ACMEv2 Certificate Management on BIG-IP

issue with URL after certificate renewal.

Query Regarding extramb

Re: Management Certificate

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS