
Replacing SSL certificate used by Virtual Server

SOLVED
New Contributor

One of my existing wildcard SSL certificates applied to a busy VS is set to expire in 30 days. I have obtained the renewal cert and would like to understand the impact of swapping the SSL certs with a new one.

What would happen to the existing client SSL sessions? Assuming no impact since SSL negotiation happens during the initial handshake and therefore new sessions will immediately start utilizing the new certificate presented by the VS.

Are there any other known factors to be aware of ahead of time?

Appreciate any feedback!

Thanks,

Mike

3 REPLIES
Occasional Contributor

Re: Replacing SSL certificate used by Virtual Server

Hi Mike, I agree with you: as symmetrical encryption (probably RC4) is already engaged, there should be no impact on existing SSL transactions. Here we have done this many times with nobody complaining... HTH Yannick

New Contributor

Re: Replacing SSL certificate used by Virtual Server

I've done this in the past as well and STM makes it very easy to apply it, but the CRB board is looking for some theoretical risk factors that might affect the user during the HTTP high throughput traffic.

Frequent Contributor

Re: Replacing SSL certificate used by Virtual Server

Hi Mike,

There should be no loss of traffic; by design, configuration changes are picked up by new connections, but do not interrupt existing connections. Existing SSL handshakes will continue to use the current certificate, and once the handshake is complete and the shared encryption key is established, the certificate is not required.

There are a very small number of exceptions to the 'configuration changes do not interrupt connections' - these are flagged as 'needing restart' in the user interface. They tend to be changes that affect global configuration such as cache sizes.

Owen