Forum Discussion
IainThomson85_1
Sep 08, 2016Cumulonimbus
You could, but you'd need to be reasonably confident with UNix on the back end and copy the "New SSL" Cert and overwrite the old one. (Moving the existing first to a tmp folder)
What I would suggest. Import your new keys/cert pairs (I know there may be a lot) - Append the name with _2016 for example. Create new SSL profiles which default from the existing profiles, but change key/cert used. Attach your new profiles to your vips.
This way you're protecting yourself from a rollback perspective, you may just need to rollback services that are affected.
Its a difficult one, but once you've done 1, (I suggest doing it via TMSH) the rest should flow pretty easily.