Forum Discussion

skling_261445
Jul 19, 2016

Renewing SAN certificate with existing key via CLI

I'm looking for a way to renew existing certificates that have SANs by using the existing key via the command line. We have a requirement to use the existing key, as we have had issues in the past from generating a new key every time. I've had a look at https://support.f5.com/kb/en-us/solutions/public/11000/400/sol11438.html on how to create a new SAN certificate; however, it only seems to work when creating a new key and certificate. Currently we are only requesting certs via the internal CA, which doesn't have support for SANs to be added on their end, so they must be included in the request. The current script that we use for renewing certs with no SANs works fine on the F5; however, certs with SANs can't be properly renewed.

 

Any help would be much appreciated. I've had to look at ways to do it via tmsh or OpenSSL and there seems to be no suitable way around it.

 

2 Replies

  • Apologies, that's only when generating new keys - 12 months ago I remember having issues with SAN renewal, but we were in a position to renew the keys in the end.
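
For the question at the top of the thread, one way to build a renewal request that reuses an existing key and carries the SANs in the CSR itself, using plain OpenSSL. This is an added example, not part of the original thread and not F5's own procedure. It assumes the existing private key is readable as a PEM file; the function names, file names and host names are constructed, and the `[dn]` section holds only a CN and would need to match the subject of the certificate being renewed.

```shell
#!/bin/sh
# Added example (not from the thread). Paths and host names are constructed.

# make_san_csr KEY CSR CN SAN [SAN...]
# Writes a CSR signed with the EXISTING key; SANs travel in the request itself.
make_san_csr() {
    key=$1; csr=$2; cn=$3
    [ "$#" -ge 4 ] || { echo "usage: make_san_csr KEY CSR CN SAN..." >&2; return 2; }
    shift 3
    [ -r "$key" ] || { echo "cannot read key: $key" >&2; return 1; }
    cnf=$(mktemp) || return 1
    {
        printf '[req]\nprompt = no\ndistinguished_name = dn\n'
        printf 'req_extensions = v3_req\n[dn]\nCN = %s\n' "$cn"
        printf '[v3_req]\nsubjectAltName = @alt\n[alt]\n'
        i=1
        for name in "$@"; do
            printf 'DNS.%d = %s\n' "$i" "$name"
            i=$((i + 1))
        done
    } > "$cnf"
    # -key reuses the given key; there is no -newkey, so no key is generated.
    openssl req -new -sha256 -key "$key" -out "$csr" -config "$cnf"
    rc=$?
    rm -f "$cnf"
    return "$rc"
}

# csr_matches_key KEY CSR: true only if the CSR carries KEY's public key.
csr_matches_key() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# csr_sans CSR: print the SAN entries of the request for review before submission.
csr_sans() {
    openssl req -in "$1" -noout -text | grep 'DNS:'
}

# Demo: a throwaway key stands in for the existing one (constructed data).
demo=$(mktemp -d)
openssl genrsa -out "$demo/existing.key" 2048 2>/dev/null
make_san_csr "$demo/existing.key" "$demo/renew.csr" www.example.test \
    www.example.test api.example.test
csr_matches_key "$demo/existing.key" "$demo/renew.csr" && echo "CSR uses existing key"
csr_sans "$demo/renew.csr"
rm -rf "$demo"
```

Running `csr_matches_key` before submitting the request confirms that the renewed certificate will pair with the key already deployed, and `csr_sans` shows whether the CA will see every name it needs to sign.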