06-20-2012 08:55 AM
One of my existing wildcard SSL certificates applied to a busy VS is set to expire in 30 days. I have obtained the renewal cert and would like to understand the impact of swapping the SSL certs with a new one.
What would happen to the existing client SSL sessions? Assuming no impact since SSL negotiation happens during the initial handshake and therefore new sessions will immediately start utilizing the new certificate presented by the VS.
Are there any other known factors to be aware of ahead of time?
Appreciate any feedback!
06-20-2012 01:30 PM
Hi Mike, I agree with you: as symmetrical encryption (probably RC4) is already engaged, there should be no impact on existing SSL transactions. Here we have done this many times with nobody complaining... HTH Yannick
06-20-2012 02:41 PM
I've done this in the past as well and STM makes it very easy to apply it, but the CRB board is looking for some theoretical risk factors that might affect the user during the HTTP high throughput traffic.
06-25-2012 03:17 AM
There should be no loss of traffic; by design, configuration changes are picked up by new connections, but do not interrupt existing connections. Existing SSL handshakes will continue to use the current certificate, and once the handshake is complete and the shared encryption key is established, the certificate is not required.
There are a very small number of exceptions to the 'configuration changes do not interrupt connections' - these are flagged as 'needing restart' in the user interface. They tend to be changes that affect global configuration such as cache sizes.