Updating SSL Key and Certificate

Starting with release 17.1.1, Avi Vantage supports the update of non-self-signed certificates.

Use Case

When a certificate expires or otherwise needs to be replaced, multiple virtual services may be impacted. Manually updating each VS, one by one, to use a replacement certificate presents administrative burden. By updating the certificate in place, Avi Vantage lifts that burden. Updating the pre-existing named certificate is automatically followed by a push to all affected SEs, which in turn causes all affected virtual services to continue without interruption.

UI Interface

Navigate to the SSL/TLS Certificate list. Click the pencil icon at the extreme right of the row to open the certificate editor. Note that any row listing a self-signed certificate will present no such option.

Certificate List

If the Avi SSLKeyAndCertificate object was created via a certificate signing request (CSR), the user has the option to take the CSR, get it re-signed, and upload the new certificate. See below.

Case 1: SSLKeyAndCertificate created from a CSR

On the other hand, if the Avi SSLKeyAndCertificate object was created by importing the private key and certificate, the user may edit and upload a new key-cert pair. See below.

Case 2: SSLKeyAndCertificate created via private key and cert import