When a certificate has expired, you must renew and update your existing certificate on the server and on the LoadMaster if SSL Acceleration is enabled on your Virtual Service.

Note: Replacing a certificate does not require a system reboot; however, it does impact production traffic. Therefore, we recommend performing this task outside of production hours. We recommend creating a backup (refer to the Backup and Restore Technical Note for details) and planning a maintenance window.

To replace certificate on the LoadMaster, follow these steps:

  1. In the main menu, select Certificates & Security > SSL Certificates.
  2. Identify the certificate that has expired and click the Replace Certificate button for that certificate.
    Note: You cannot delete or replace Let's Encrypt/DigiCert certificates from the SSL Certificates screen. You can only delete or replace Let's Encrypt/DigiCert certificates from Certificates & Security > ACME Certificates. The Replace Certificate and Delete Certificate buttons are grayed out on the SSL Certificates screen for Let's Encrypt/DigiCert certificates.
  3. In the Certificate File field, click Choose File and select renewed certificate.
    Note: The LoadMaster only accepts certificates in .PFX or .PEM format.
  4. Select the Key File (private key) if required.
  5. Enter the Pass Phrase (password) assigned to this certificate.
  6. Click Save.

The certificate is replaced and updated on the LoadMaster and Virtual Services.

Note: If you receive an error saying 'invalid passphrase' when saving the certificate, this might mean you have incorrectly entered the password for this certificate and will need to enter the correct password. This can also mean that passphrase was not accepted due to the character content. The Pass Phrase must be alpha-numeric, case sensitive, and have a maximum of 64 characters to be accepted by the LoadMaster.