Forum Discussion
NimbostratusSSL Certificate Issue
Certificate Issue, I had a message from our certificate authority
"As per Google’s blog post, you will need to replace all certificates which were issued before December 1 2017 by Symantec, Thawte, GeoTrust or RapidSSL in order to avoid browser warnings when Chrome 70 is released. Your impacted certificates are listed below."
I went on their web site and renewed the certs, when I recieved the new ones I realised I had not generated a csr, importing them does not show any keys assigned to the cert, how canI reslove this or do I have to provide a new csr to the cert autority and get new certs.
Because the issue is related to the PKI infrastructure of Symantec, Thawte, GeoTrust and RapidSSL, to be on the safe side I'd generate a CSR to create a completely new certificate/key pair.
https://security.googleblog.com/2017/09/chromes-plan-to-distrust-symantec.html
Since the key is generated by the old PKI infrastructure I'm not even sure it will work to use the same key but with the new certificate. Correct me if I'm wrong. :)
- Kevin_Stewart
Employee
For a CA to simply provide you a new certificate, they'd either have to have a copy of the private key, or would generate a new certificate from the original private key. My guess is they're relying on the original private key, so you'd just need to replace the certificate portion on the BIG-IP from the cert/key pair.
