H/A SBC Certificate Renewal

[trilogy8]

I'm going to be installing an updated SBC certificate due to an upcoming expiry of the current. I know the process to login to the EMS and install the new cert and key file. I'm planning to leave the name field blank and ensure the file name is the same as what's current to then choose overwrite existing. After doing this is it required to SSH into each SBC and run the certsync , certinstall or does that only apply for a first time cert install?

 

[kyle555]

What relelase? Until the later ends of 7.2.2 I always thought doing a new cert for the sig interface for a remote worker on a EMS+HA pair always needed those certsync commands otherwise it'd never take.

That said, I've never kept a close eye on the EMS and SBC certs they use to secure management traffic. Maybe they renew every time you patch - like SM and SMGRs certs. God knows I haven't had HA pairs go 2+ years without needing some sort of patch, so I've never really looked to notice!

You're referring to an outside remote worker certificate, right?

 

[trilogy8]

I uploaded the new one and used the overwrite option. I then logged into each of the CLI's and did the certsync/certinstall. It was all clean, but when doing the traceSBC and launching a remote client the SBC was still offering the old cert. I restarted the application and then it started presenting properly. Onto SM now.