matus_c_59161
Apr 19, 2013Nimbostratus
SSL certificate renewal
Hi Guys,
As in the past (in v10) I've seen the certificate re-import (i.e. overwriting a existing certificate by a new certificate) was not fully transparent to the SSL profile and the related SSL profile had to be updated in order the use the re-newed certificate (even though the certificate name was unchanged).
v11 should be OK, as it uses more sophisticated method (by automatically modifying the certificate extension in the file system while keeping the cert name unchanged in the GUI).
this happens in the background when you re-import (modify existing) certificate (or cert bundle) in v11:
directory
/config/filestore/files_d/Common_d/certificate_d
cert bundle file
before the re-import
-rw-r--r-- 1 tomcat tomcat 4374 Aug 7 2012 :Common:CA_chain.crt_1
cert bundle file
after the re-import
-rw-r--r-- 1 tomcat tomcat 19806 Apr 18 10:45 :Common:CA_chain.crt_2
the "_x" increments with every re-import.
-----------------------
v10 is a different story and therefore I would like to know how safe it is to overwrite a certificate that's currently used by a SSL profile.
Imagine you've got one SSL certificate that is used by 60 SSL profiles and that certificate expires and you have to renew it.
Can you just overwrite the existing certificate by importing the new cartificate (basically by overwriting it) without touching the SSL profile ?
Otherwise you would need to manually update all 60 SSL profiles.
Thanks