Updating larger numbers of SSL certificates and keys

Question

We have an internal CA to sign certificates for non-public sites (and we got a few hundred virtual servers). When this CA was setup, keys were generated with MD5, which is considered insecure and browsers like Chrome and Firefox 16 are now rejecting these sites. So I have to regenerate keys and certificates with a new signature.&nbsp;
So I am looking for a way to automate this. I have done a little both with SOAP, but I wanted to check first with you experts which way you would do this. I can via a scrip scp the new certs and keys into /config/ssl, then I need to reload the ssl client profiles and finally sync it to the HA partner. We also use multiple partitions.&nbsp;
So .. how would you do that?&nbsp;
 &nbsp;

nitass · Answer

what bigip version are you running?

ulf_zimmermann_ · Answer

10.2.2 right now. &nbsp;

nitass · Answer

if traffic interruption is acceptable, can we use the same filename for certificate and private key and just run "b load" after uploading them to /config/ssl?

Forum Discussion

Updating larger numbers of SSL certificates and keys

3 Replies

Recent Discussions

iRule resulting in too many redirects

ASM cookie, modifying "domain" field

URL

service profile HTTP in LTM v16.1?

Azure SAML - F5 APM

Related Content

Auditing Security Policy Updates

Automating ACMEv2 Certificate Management on BIG-IP

Device certificate Issuer and other information not updating on the browser's certificate details

Re: Management Certificate

Number of DCDs