Updating larger numbers of SSL certificates and keys

Question

We have an internal CA to sign certificates for non-public sites (and we got a few hundred virtual servers). When this CA was setup, keys were generated with MD5, which is considered insecure and browsers like Chrome and Firefox 16 are now rejecting these sites. So I have to regenerate keys and certificates with a new signature.&nbsp;
So I am looking for a way to automate this. I have done a little both with SOAP, but I wanted to check first with you experts which way you would do this. I can via a scrip scp the new certs and keys into /config/ssl, then I need to reload the ssl client profiles and finally sync it to the HA partner. We also use multiple partitions.&nbsp;
So .. how would you do that?&nbsp;
 &nbsp;

nitass · Answer

what bigip version are you running?

ulf_zimmermann_ · Answer

10.2.2 right now. &nbsp;

nitass · Answer

if traffic interruption is acceptable, can we use the same filename for certificate and private key and just run "b load" after uploading them to /config/ssl?

Forum Discussion

Updating larger numbers of SSL certificates and keys

3 Replies

How I did it - "High-Performance S3 Load Balancing of Dell ObjectScale with F5 BIG-IP"

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

failover issue between datacenters with GSLB

F5 Device Certificate renewal process on Active and Standby devices

Win 10 and Server 2016 clients will not connect. Stuck on Initializing

Version 17.5.1 as next move?

SSL Orchestrator and Traffic Flows

Related Content

Updating SSL Certificates on BIG-IP using REST API

Automating Certificate Management on F5 BIG-IP

Using bash and tmsh to make bulk updates

Automating ACMEv2 Certificate Management on BIG-IP

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS