01-21-2009 08:31 AM
Very straightforward - you select "Configuration"/"Certificates"/"Device Certificates" - Select "New CSR" to generate the certificate signing request.
Then when you get the certificate back you select "Import Certificate and Key" to bring the cert in. You have some option depending on exactly how the cert was generated.
This will obviously replace the self signed cert that you established during the initial configuration. You can also have multiple certs if you have multiple domain names on your SSL box. Those map to virtual ports that are defined under network settings.
01-21-2009 12:43 PM
01-21-2009 05:54 PM
Oh yeah - that to
01-22-2009 01:45 AM - edited 01-22-2009 01:48 AM
i did exactly what told in here, and on the admin guide.
fr example my domain on the initial config is, "ssl.domain.com" and there is a certificate on the device for it, which is not signed,
i want to replace that with a valid signed cert so that,
i created a CSR, and send it to the CA and they send me back a file with the extension ".cer" than when i try to import it to the pending CSR part, it says unknown CSR format.
i couldnt import my cert..
any one can help?
edit: if i try to add the certification from the, "import certification and key" menu it says : Could not read certification format.
ps: i didnt want to repost on the same topic, so if this is a topic hijacking, i am deeply sorry and please let me know, i will repost immediately..
thanks in advance..
01-27-2009 03:32 AM
04-17-2014 10:44 AM - edited 04-17-2014 12:47 PM
If I want to replace an existing ssl certificate say for heart bleed remediation, should I request a new csr or renew the existing certificate?
I'm unsure how to approach the change at this time.
The existing certificate is an express certificate; I would like to at least bump it up to a non-express certificate when I do replace the certificate.
Should I use the renew option to accomplish this or new csr?
Once the csr has been issued, will this immediately break the existing ssl certificate?
04-17-2014 11:33 PM
Request a new CSR , renewing does not replace private key.
Once you recieve the new signed certificate, upload it and map the interfaces to use the new certificate, the old certificate is invalid then as it is not tied to any interfaces (external/internal etc)