cancel
Showing results for 
Search instead for 
Did you mean: 

F5 LTM - Change to SSL certificate if changing the Virtual Server's IP?

Yhum
Altostratus
Altostratus

Hello Everyone,

We currently have an application behind F5 Big-IP LTM and the LTM performs the SSL offloading for the application. For some valid reasons, we need to change the IP address of Virtual Server ( in fact that Virtual Server needs to move to a different network). The members/nodes will remain intact.

I'm planning to take following steps: 1) create a new Virtual Server with a new IP address 2) associate the existing pool and health monitor to the new VS 3) test application 3) update the dns record so that traffic is sent to new VS. The question I want to ask is that do I need to make any changes to SSL profile or certificate standpoint or do I need a import a new certificate or can i reuse?

 

Thanks in advance.

Regards

3 REPLIES 3

As your url is going to be the same, then you can reuse existing certificate associated with the domain. You can just map same client SSL profile to new VS and you should be good.

 

Hope it helps!

Thank you, Mayur. your input is really helpful.

As I described earlier, before the final migration, I'm planning to test the new VS without interrupting the existing VS. So question is that can I even map the same client SSL profile to both existing and new VS at the same time?

 

thanks again

Yes, you can use same client SSL profile on multiple VS at the same time.