Ross_Beehler
Nov 13, 2021Nimbostratus
Rotate SSL Cert and Encrypted Key with iControl REST API
I'm trying to rotate SSL Certs and Encrypted Keys (i.e. those protected with a passphrase) using the iControl REST API. If the Cert and Key are in use on a Client SSL Profile (the very normal situation), I get the error "error:0906A068:PEM routines:PEM_do_header:bad password read" when patching
/mgmt/tm/sys/file/ssl-key
. What is the correct procedure to rotate in this scenario?Also, since I believe I have to update the passphrase on the Client SSL Profile, does that mean there may be a downtime for any Virtual Servers using that profile? I see a warning about this in K15462: Managing SSL certificates for BIG-IP systems using tmsh but not in K14620: Manage SSL certificates for BIG-IP systems using the Configuration utility, though neither of those articles speak to the iControl REST API.