Forum Discussion
Brad_Parker
Jan 15, 2016 Cirrus
What I tend to do is to create a tgz with the same folder structure as when exporting certs via the archive function and put all the new certs and keys in there with new names based on their subject-expiration year. i.e. one folder named ssl.crt and one named ssl.key. I then import that.
You could also upload them via sftp and import them with
tmsh install crypto key from-file-location
and
tmsh install crypto cert from-file-location
Then from there I just script the replacing of the cert, key, and chain (if necessary) of the client ssl profile:
tmsh modify ltm profile client-ssl cert-key-chain replace-all-with { {cert key chain }}
You could also easily do this via iControl as well if you wanted to. The reason you have to do this is that you cannot replace a key that is currently in use in a profile. You can replace a cert if it is generated from the existing key, as this would be considered a renewal.
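The workflow described in the post above, as an added example that is not part of the original post: it derives the subject-plus-expiration-year object name from a certificate, refuses to continue if the private key does not belong to that certificate, and prints the tmsh commands for review instead of running them. The function names, the name sanitizing, and the full `install sys crypto ... from-local-file` command form (the post shows an abbreviated form) are assumptions of this example; it expects an unencrypted PEM key and the `openssl` CLI.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical.

# cert_object_name CERT -> "<subject CN>-<expiration year>"
cert_object_name() {
    local cn year
    cn=$(openssl x509 -in "$1" -noout -subject -nameopt multiline |
         sed -n 's/^ *commonName *= *//p' | head -n 1)
    # notAfter=Jan 15 12:00:00 2026 GMT -> the year is the next-to-last field
    year=$(openssl x509 -in "$1" -noout -enddate | awk '{print $(NF-1)}')
    if [ -z "$cn" ] || [ -z "$year" ]; then return 1; fi
    # Assumption: keep object names to a conservative character set
    # (a wildcard CN such as *.example.test becomes _.example.test).
    printf '%s-%s\n' "$(printf '%s' "$cn" | tr -c 'A-Za-z0-9._-' '_')" "$year"
}

# key_matches_cert CERT KEY -> status 0 only if both carry the same public key
key_matches_cert() {
    local from_cert from_key
    from_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    from_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

# rotation_commands CERT KEY PROFILE [CHAIN_OBJECT]
# Prints the commands; nothing is executed. CHAIN_OBJECT is assumed to be the
# name of a chain certificate that is already installed on the device.
rotation_commands() {
    local cert=$1 key=$2 profile=$3 chain=${4:-} name
    if ! key_matches_cert "$cert" "$key"; then
        echo "refusing: $key is not the private key for $cert" >&2
        return 1
    fi
    name=$(cert_object_name "$cert") || return 1
    # New key and cert get a NEW name, because a key that is in use by a
    # profile cannot be replaced in place (see the post above).
    echo "tmsh install sys crypto key $name from-local-file $key"
    echo "tmsh install sys crypto cert $name from-local-file $cert"
    echo "tmsh modify ltm profile client-ssl $profile cert-key-chain" \
         "replace-all-with { $name { cert $name key $name${chain:+ chain $chain} } }"
}

# Stand-alone use: script.sh CERT KEY PROFILE [CHAIN_OBJECT]
if [ "$#" -ge 3 ]; then rotation_commands "$@"; fi
```

How installed objects are named (with or without a `.crt`/`.key` suffix) differs between TMOS versions, so compare the printed names with `tmsh list sys crypto` output before applying the profile change.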