Update SSL Template after Cert Upload via axapi

[Deleted User][Deleted User]
in SSLi - SSL Insight
Hello everyone,

I have created a script that uploads a certificate to our AX3200-12 with axapi. Is there a way to trigger a manual reload of the certificate, so that I don't have to update the client ssl template manually?

Expected behavior:
1. upload ssl certificate with the same name as the old one
2. client ssl template uses the new certificate

Observed behavior:
1. upload ssl certificate with the same name as the old one
2. client ssl template still uses old certificate
(3. manual editing of the template or a reload of the unit is neccessary which is unfavorable)

Any ideas?

Kind regards,
Alex
Tagged:

Comments

  • DCHDCH Member
    edited May 2016
    Hello,


    I had a couple of issues with the updates, the steps 1 & 2 can stay the same but I decided to use a naming convention based on the service and the year of expiration :

    slb template client-ssl TPL_SAMPLE_2017
    cert SAMPLE_2017.cert
    chain-cert SAMPLE.cert
    key SAMPLE_2017.key pass-phrase xxxxxxxxxxxxxxxxxxxx
    template cipher TPL_CIPHER_SAMPLE
    !

    Now for the service not using the new cert, you have to rebind the template at the virtual port level OR use a new template (thats one of the reason I took the road of a new template with the expiration date).

    So in you script, for a rebind using an updated cert in an existing template
    slb virtual-server VIP_SAMPLE 10.0.0.1
    port 443 https
    no template client-ssl TPL_CERT
    template client-ssl TPL_CERT
    !

    OR with a new template :

    slb virtual-server VIP_SAMPLE 10.0.0.1
    port 443 https
    template client-ssl TPL_SAMPLE_2017


    Hope it helps.
Sign In or Register to comment.

© Copyright 2024 - A10 Networks Community - All Rights Reserved. | Legal