Forum Discussion
Replacing/updating multiple cert/key pairs
What I tend to do is to create a tgz with the same folder structure as when exporting certs via the archive function and put all the new certs and keys in there with new names based on their subject-expiration year. i.e. one folder named ssl.crt and one named ssl.key. I then import that.
You could also upload them via sftp and import them with
tmsh install crypto key from-file-location
and tmsh install crypto cert from-file-location
.
Then from there I just script the replacing of the cert, key, and chain(if necessary) of the client ssl profile
tmsh modify ltm profile client-ssl cert-key-chain replace-all-with { {cert key chain }}
You could also easily do this via iControl as well is you wanted to. The reason you have to do this is you can not replace a key that is currently in use in a profile. You can replace a cert if it is generated from the existing key as this would be considered a renewal.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com