How do I use the old 1024 bit ssl certificate while the new 2048 cert is getting signed by the CA?
After installing E4_1_sslkey_2048 patch it is required to run the ssl newcert command to generate a new CSR with 2048 bit host key. However, running this command deletes the existing certificates. Once this happens it is not possible to retrieve the previously installed certificate. You can avoid this by downloading and saving the old 1024 bit certificate on your desktop using Administration Suite. However, it does not download the private key associated with the certificate. You can overcome this problem by completing the steps below within CLI after installing E4_1_sslkey_2048 patch
Run the below command to save your old certificate along with the private key. Where <interface> is an IP address or fully qualified DNS hostname associated with one of the network interfaces on your Mirapoint system.
CLI> ssl getcert <interface>
Run the below command to generate the new CSR with 2048 bit encryption.
CLI>ssl newcert <interface>
Run the below command to save the newly generated csr.
CLI> ssl getcsr <interface>
Run the below command to save new certificate and private key.
CLI>ssl getcert <interface>
Run the below command to put the old certificate on while the new one is getting signed.
CLI> ssl setcert <interface> <certificate>