Ssl Server Certificate Renewal Procedure - Radware Alteon Application Manual

Alteon Application Switch Operating System Application Guide
Offloading SSL Encryption and Authentication

SSL Server Certificate Renewal Procedure

The SSL server certificate renewal procedure comprised two cases:
1. Renewal of a self-signed server certificate (The certificate was created on the Alteon itself, and
the certificate signer (CA) is same as the certificate subject name.)
2. Renewal of a real server certificate signed by a third-party trusted CA.
In both cases, in order to facilitate a timely renewal process, you can track Alteon SNMP alerts.
Alteon generates SNMP alerts 30, 15, 10, 5, 4, 3, 2, and 1 day before certificate expiration. Once a
certificate has expired a daily alert is issued.
To renew a self-signed certificate
1. Log in over a secure management interface (SSH, HTTPS).
2. Enter the certificate repository (/cfg/slb/ssl/certs/) and select the server certificate to be
renewed.
3. Select Generate.
Alteon will recognize this as a self-signed certificate (SubjectName=Issuer) and will prompt
with:
A self-signed server certificate already generated.
Expire: Sat Nov 10 02:51:59 2013
To renew, enter certificate validation period in days (1-3650) [365]:
4. Enter the new validation period.
5. Enter Apply and Save.
To renew a real server certificate signed by a third-party trusted CA
1. Log in over a secure management interface (SSH, HTTPS).
2. Enter the certificate repository (/cfg/slb/ssl/certs/).
3. If the original server certificate was generated on this Alteon platform, then a corresponding
Certificate Signing Request (CSR) will exist for it in the certificate repository. Skip to step 5.
4. If there is no existing CSR, create a CSR for the server certificate:
a. Select the server certificate to be renewed.
b. Enter cur to list all certificate information.
c. Exit and enter the Request menu using the same ID as the to-be-renew server certificate.
d. Select Generate and specify all information as shown for the existing server certificate
(from the cur command).
5. Export the to-be-renewed server certificate CSR and send it to the third-party CA for signing.
6. When the newly-signed certificate is received from the third-party CA import it to the Alteon
platform with the same ID as the existing server certificate.
7. Enter Apply and Save.
Alternatively you can follow the procedure in example1 for generating a new server certificate, and
when completed, replace the associated server certificate in the virtual service. This allows easy roll-
back to a previous certificate if needed.
342
Document ID: RDWR-ALOS-V2900_AG1302