...
- Generate the new local certificate by following the same steps used to generate the old certificate. Use the same Subject and SAN/CN details as the old certificate, and use the old certificate's CSR file to generate the new certificate. To import local certificates, refer to PKI Security - CLI -> Local-Internal Certificates.
- Have the new local certificate signed, with a prolonged validity, by the same CA that signed the old certificate.
- Import the new local certificate to the SBC and enable it.

```
set system security pki certificate <NEW PKI Certificate Name> fileName <p12 filename> type local passPhrase <passPhrase> state enabled
```
- Find all TLS profiles with the current local certificate.
- Schedule a maintenance window to replace the old certificate with the new certificate in all TLS profiles that use the old/expired certificate and delete the old certificate.

```
set profiles security tlsProfile <Existing TLS Profile Name> serverCertName/clientCertName <NEW PKI Certificate Name>
set system security pki certificate <OLD PKI Certificate Name> state disable
delete system security pki certificate <OLD PKI Certificate Name>
commit
```
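The "find all TLS profiles" and replacement steps above can be scripted offline. The following is an added example, not part of the original procedure or the vendor's tooling. It assumes the TLS profile configuration is available as text in the same `set ...` form used on this page; the sample configuration and all profile and certificate names are constructed.

```python
import re

# Constructed sample: TLS profile configuration in the "set ..." form used by
# the procedure. Profile and certificate names are hypothetical.
SAMPLE_CONFIG = """\
set profiles security tlsProfile CORE_TLS serverCertName sbc_cert_2023
set profiles security tlsProfile CORE_TLS clientCertName sbc_cert_2023
set profiles security tlsProfile ACCESS_TLS serverCertName sbc_cert_2023
set profiles security tlsProfile ACCESS_TLS clientCertName partner_cert
set profiles security tlsProfile LAB_TLS serverCertName sbc_cert_2023_lab
"""

REF = re.compile(r"^set profiles security tlsProfile (\S+) "
                 r"(serverCertName|clientCertName) (\S+)$")


def find_references(config_text, cert_name):
    """Return (profile, attribute) pairs whose certificate is exactly cert_name."""
    refs = []
    for line in config_text.splitlines():
        m = REF.match(line.strip())
        if m and m.group(3) == cert_name:  # exact match, never a substring
            refs.append((m.group(1), m.group(2)))
    return refs


def swap_commands(config_text, old_cert, new_cert):
    """One replacement command per reference, keeping the server/client role."""
    return [f"set profiles security tlsProfile {profile} {attr} {new_cert}"
            for profile, attr in find_references(config_text, old_cert)]


def retire_commands(config_text, old_cert):
    """Disable/delete commands, refused while any TLS profile still uses old_cert."""
    remaining = find_references(config_text, old_cert)
    if remaining:
        raise ValueError(f"{old_cert} still referenced by: {remaining}")
    return [f"set system security pki certificate {old_cert} state disable",
            f"delete system security pki certificate {old_cert}"]


if __name__ == "__main__":
    old, new = "sbc_cert_2023", "sbc_cert_2025"
    print("\n".join(swap_commands(SAMPLE_CONFIG, old, new)))
    # Constructed "after" view: the sample with the swap applied.
    after = re.sub(rf"(?m) {re.escape(old)}$", f" {new}", SAMPLE_CONFIG)
    print("\n".join(retire_commands(after, old)))
```

Matching the certificate name exactly keeps a similarly named certificate (here `sbc_cert_2023_lab`) out of the swap, and the retire step fails loudly if any profile would be left pointing at a deleted certificate.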
...
- Generate the new local-internal certificate with the same procedure used to generate the old certificate. Use the same Subject and SAN/CN details used in the old certificate to generate a new CSR or use the old certificate CSR file to generate the new Local-Internal certificate. To create and configure a new Local-Internal Certificate, refer to Generating PKI Certificates.
- Have the new Local-Internal certificate signed, with a prolonged validity, by the same CA that signed the old certificate.
- Import the new Local-Internal certificate to the SBC and enable it.
- Find all TLS profiles to which the currently used Local-Internal certificate, which is about to expire, is assigned.
- Schedule a maintenance window to replace the old certificate with the new certificate in all TLS profiles and delete the old certificate.
...
- Generate the new remote certificate with the same procedure used to generate the old remote certificate.
- To import remote certificates, refer to PKI Security - CLI -> Local-Internal Certificates.
- Import the new remote certificate to the SBC and enable it.
...