Forum Discussion
I raised a ticket with F5 support to verify, their response:
F5: You can import the new certificate and key as new SSL objects, and then edit the appropriate SSL profiles to use the new certificate/key and chain.
I asked: but what if that cert is used in many SSL profiles?
F5: Unfortunately, you will need to identify and update all those SSL profiles. I'd also recommend consolidating those profiles (where possible) to reduce the number of unique ssl profiles that use the same key/certificate/chain.
We have no mechanism to set the key and certificate simultaneously apart from creating a new SSL key and certificate from the PEM file. Attempting to update either the key or the certificate will cause a validation failure and prevent the operation from completing. As you note, replacing a certificate generated from the same key is a seamless operation which does not require that SSL profiles have to be updated.
I'm sorry, I do not have any better approach for you to try.
Hi Peter,
That all seems correct to me unfortunately. If you need help identifying, perhaps use TMSH?
tmsh list ltm profile client-ssl all | grep -i 'profile\|.crt'
So for certificate named default.crt:
tmsh list ltm profile client-ssl all | grep -i 'profile\|default.crt'
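As an added example (not part of the original posts, and not F5's own tooling), the same lookup can be done with an exact match, so that only the profiles that actually reference the certificate are printed. The function name, profile names and certificate names are hypothetical, and the sample output is constructed on the assumption that tmsh prints each profile as a brace-delimited block with `cert`, `chain` and `key` fields.

```bash
# Constructed sample of `tmsh list ltm profile client-ssl all` output
# (abbreviated; layout assumed, all names hypothetical).
sample_tmsh_output() {
cat <<'EOF'
ltm profile client-ssl app1_clientssl {
    cert-key-chain {
        wildcard_2023_0 {
            cert wildcard_2023.crt
            chain intermediate_ca.crt
            key wildcard_2023.key
        }
    }
    defaults-from clientssl
}
ltm profile client-ssl app2_clientssl {
    cert-key-chain {
        app2_0 {
            cert /Common/app2.crt
            key /Common/app2.key
        }
    }
}
ltm profile client-ssl app3_clientssl {
    cert /Common/wildcard_2023.crt
    cert-key-chain {
        wildcard_2023_0 {
            cert /Common/wildcard_2023.crt
            key /Common/wildcard_2023.key
        }
    }
}
EOF
}

# Read tmsh output on stdin and print each client-ssl profile whose cert or
# chain field is exactly the given object name (pass the bare name, no path).
profiles_using_cert() {
    awk -v want="$1" '
        $1 == "ltm" && $2 == "profile" && $3 == "client-ssl" { profile = $4; seen = 0; next }
        ($1 == "cert" || $1 == "chain") && !seen {
            name = $2; sub(/^.*\//, "", name)   # drop a /Common/ style prefix
            if (name == want) { print profile; seen = 1 }
        }
    '
}

# On a BIG-IP: tmsh list ltm profile client-ssl all | profiles_using_cert default.crt
sample_tmsh_output | profiles_using_cert wildcard_2023.crt
```

Unlike the grep pipeline, a partial name such as `2023.crt` matches nothing here, and each profile is listed once even when the certificate appears in several of its fields.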