Importing SSL Cert/ Possible Downtime

Question

Good morning,&nbsp;
I've been tasked to import an SSL Certificate onto our F5's. It contains DNS entries for our CAS Exchange Servers. I'm using the following Article to catch me up to speed:&nbsp;
https://support.f5.com/csp/article/K146203&nbsp;
I haven't come across it yet, but if I replace our current SSL Cert with this new one, does it take effect immediately? Also, is there any down time needed for the F5's after importing and applying the cert?&nbsp;

chris_grant · Answer

The new cert will immediately replace the old cert and will be used for all new connections moving forward.  We will not renegotiate existing connections.  This should not impact traffic.  From the SOL you link:&nbsp;

Important: Existing connections continue to use the old SSL certificate until the connection completes, are renegotiated, or TMM is restarted.&nbsp;
Note: When using this procedure to import a renewed SSL certificate, you must choose a unique Name. Consider appending the current year for easier accountability. For example, name the SSL certificate example_2017.&nbsp;
Impact of procedure: Performing the following procedure should not have any impact to the existing traffic and new traffic will utilize the new certificate.&nbsp;

Forum Discussion

Importing SSL Cert/ Possible Downtime

1 Reply

Recent Discussions

SMS server with BIGIP

F5 terminal - help to run commands - disk space full

Can iRule be used to perform exception of IPI category based on Geolocation

[ASM] - what is "Browser Challange file" ?

LDAPS and renegotiation

Related Content

Pool downtime query

Security for IoT Devices and Why It’s Important

import f5!

Import certificate as pfx format

How to tackle the downtime for maintenance of nginx