Forum Discussion
In my experience --
My unfiltered thoughts: A cert is a cert no matter how / where it is made.
To modify the certificate to SHA-256, you "renew" the certificate and apply for a new SHA-256 certificate with the same CN and SAN's. --or modified / new SAN's
OR -- Create a new SSL profile with the SHA256 certificate and apply it to the VS's you want updated.
When you receive the new certificate: Paste in the hash to the certificate you renewed.
I have updated hundreds of SSL profiles with expired certs, with the same CN and SAN's or modified SAN. When one connects to a VIP, their session has already negotiated. When you apply the new certificate, everyone after the modification will then use the SHA-256.
-- Before I left my last job, I tested this with success. --No calls ha!
My cheat
I use the F5 to create all of my certificates. :) Cuts down on the time to type the commands.. haha!
-Just don't convert it to FIPS or you are Skeee Rewwwed! You can export the Certs to whatever server you want.