Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

After replacing an SSL Certificate, the old SSL Certificate is still being returned by the LoadMaster

 

Information

 

Summary:

Sometimes after replacing an SSL Certificate on the LoadMaster, the old SSL Certificate can still be returned in the web browser when browsing to the Virtual Service's website immediately after the replacement.

Environment:

Product: LoadMaster

Version: Any

Platform: Any

Application: Any

Question/Problem Description:

Why is the old SSL Certificate still being presented to the client via the VIrtual Service after replacing it with a new SSL Certificate and how to fix this?

Steps to Reproduce:  
Error Message:  
Defect Number:  
Enhancement Number:  
Cause: This can sometimes happen when directly replacing the old SSL Certificate with the new SSL Certificate, while the old SSL Certificate is still assigned and in use on the Virtual Service.
Resolution: One way to correct this behaviour is to navigate to Certificates & Security > SSL Certificates on the Web User Interface (WUI) of the LoadMaster, locate the SSL Certificate in question, find the Virtual Service IP under the Assigned VSs column and unassign it by moving it left to the Available VSs column and click Save Changes. Now undo these changes by reassigning the same Virtual Service IP again back to the Assigned VSs column and clicking Save Changes. Now try browse to the website again and verify that the new, correct Certificate is now being returned as expected.
Workaround:  
Notes:

Methods of renewing SSL Certificate:

https://support.kemptechnologies.com/hc/en-us/articles/6713676650765-Methods-of-renewing-SSL-certificate


Was this article helpful?
0 out of 0 found this helpful

Comments

Avatar

Douglas Mahowald

This is a great workaround, but has the development team been informed about the issue? Seems like something they could fix pretty easily

0

Avatar

Darren DeHaven

Agreed, as this is a customer impacting issue, recommending it to be looked at.

I have a ton of VS, with different certs, so it was just easier to reboot the whole KEMP, which also worked.

 

0