Update an Expiring Certificate

Before your certificate expires, submit the same certificate signing request (CSR) to a CA in order to renew your certificate.

Table - Prerequisites

| Prerequisite | More Information |
|---|---|
| Authenticate | Authenticate |
| Set up a new TLS certificate | Replace the TLS Certificate |

This example assumes you have exported the access token to the variable $TOKEN. The commands also reference the SBC's address through the variable ${SBCIP}.

Task 1: Acquire the New Certificate

Send your initial CSR to a Certificate Authority. The CA will reply with a certificate.

Task 2: Import the Certificate

  1. Create a file called cert.xml with the XML structure shown below.

    <?xml version="1.0" encoding="UTF-8"?>
    <ImportCertificate>
        <recordName></recordName>
        <format>try-all</format>
        <overwrite>true</overwrite>
        <certificateRequest>
        </certificateRequest>
    </ImportCertificate>

  2. Set the recordName element to the name of the certificate-record that contains the expiring certificate.

  3. Paste the certificate into the <certificateRequest> element as shown below.

    <?xml version="1.0" encoding="UTF-8"?>
    <ImportCertificate>
        <recordName>restless</recordName>
        <format>try-all</format>
        <overwrite>true</overwrite>
        <certificateRequest>-----BEGIN CERTIFICATE-----
    MIIFKDCCAxCgAwIBAgIBMzANBgkqhkiG9w0BAQUFADCBgTELMAkGA1UEBhMCVVMx
    bmVlcmluZzEXMBUGA1UEAwwOQWNtZSBQYWNrZXQgTUExITAfBgkqhkiG9w0BCQEW
    SVyqYSTF/nV70LJ+pQ8gbfIqzZyoMyjhYgTrwVIf9aJMxjRqoLL06A6Z6Qdet1U2
    su00qDN9xMkg3CL+TTcllsMVKNlm4WWNVN48nZ+YKopQraJ7XbctmQkNJ+7nYZ9T
    MY86+oc3t0sM+o3kx9lZlwdIARvo5+Fm1/gjNvmqpWS1jvR0ImSUA242KhLYnhR0
    E6zQjHIZtp1ar4MzzXaCI9mrMIG2BgNVHSMEga4wgauAFNZWgcB7B/U/ohim9XCN
    scmNVuGnJxemvA221QIDAQABo4HzMIHwMAkGA1UdEwQCMAAwHQYDVR0OBBYEFLLT
    BAcMCkJ1cmxpbmd0b24xFDASBgNVBAoMC0VuZ2luZWVyaW5nMRcwFQYDVQQDDA5B
    CzAJBgNVBAgMAk1BMRMwEQYDVQQHDApCdXJsaW5ndG9uMRQwEgYDVQQKDAtFbmdp
    NDNaMDcxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJNQTEMMAoGA1UEChMDRW5nMQ0w
    EmxhcnJ5LmVAb3JhY2xlLmNvbTAeFw0yMjA5MjkwOTI4NDNaFw0yMjA5MzAwOTI4
    7CJkrmsVgTbI51a+V+97qU8i3CnFUKU1GGQAHA82uM6qOKdSLMbGI1i2RHyJ5Kgx
    CwYDVQQDEwRBY21lMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqbD7
    plsFstYOuB9q/NNwKcOxxkaJFaSaEkTOYL1xHJqxqjWwL8XwV+NbtB8onGoc7BuW
    5yw8hgn967OrKQV2PS4CQGKpEEqNFdbdCyGFBYEhpPnTPqasdXQ+JXA6afUrBxFU
    8nClWNF0Kt91DnQpQLflvw6pIHXJxRyIlCTONXlXCeYqyP7P+uaLsAtPR6BSwkZb
    b9TueJmlmUwdJNIA9+5AOdH7NSK0BKSKUUuGq+XpSINQW9/kHCCRt7MDXESOAq68
    x4jvy14Jxv5/gop7pT+vuOK2C6r2PuSVEcYwy52Z/U92qFlm4tz87EmzaXrbwpSm
    NJIbc+xMoYGHpIGEMIGBMQswCQYDVQQGEwJVUzELMAkGA1UECAwCTUExEzARBgNV
    ggkA2nbQhiXlq+QwCwYDVR0PBAQDAgWgMA0GCSqGSIb3DQEBBQUAA4ICAQAJWTmW
    KxITTl29s3vkAYuqKCqD3kQdXXXj2GolJZ+B/6DVyvjPBM5BrHKXNFmUNKqQu8oB
    kIQoJSDKz0uqqm2NGQ3VoxBvQrkGnYokp8cPSay3W54yG6KWIybdXjf7fKT94+o6
    TkBwIozIMwHtoWE/DoBlZOksnJhH1YT14jzzqkwX3b5BvVW/wHGa7ueb9UAXlRx4
    Y21lIFBhY2tldCBNQTEhMB8GCSqGSIb3DQEJARYSbGFycnkuZUBvcmFjbGUuY29t
    OD+DvBQK6o4EOTebHwGw9AMWfDj4Y14jTvvQJYt/4cf0tLkbXQZzPUcdFipnOXek
    TNLI9DMXu/WpefMDMSJoA2eSdbb1nT7Zz5ESHKyiIC1fpuC68bRGrBEzZiY/e3LM
    q37ocjzQFlxzVp+cKMNcae4deF4tY4NNgvwGoM2gEAskaKyEcJC2VHwO878GSK+Y
    gJyDvsSose0jmovOrfP8qijC5DWYNj53G2KI4Q==
    -----END CERTIFICATE-----</certificateRequest>
    </ImportCertificate>

    Replace the contents of the <certificateRequest> element with the certificate you received from your Certificate Authority.

  4. Acquire the configuration lock.

    curl -X POST \
        --header "Authorization: Bearer $TOKEN" \
        "https://${SBCIP}/rest/v1.2/configuration/lock"

  5. Import the certificate.

    curl -X PUT \
        -d@cert.xml \
        --header "Authorization: Bearer $TOKEN" \
        "https://${SBCIP}/rest/v1.2/configuration/certificates/import"

  6. Then save, verify, and activate the configuration.

  7. Release the configuration lock.

    curl -X POST \
        --header "Authorization: Bearer $TOKEN" \
        "https://${SBCIP}/rest/v1.2/configuration/unlock"

  8. Reboot the SBC.

    curl -X POST \
        --header "Authorization: Bearer $TOKEN" \
        "https://${SBCIP}/rest/v1.2/admin/reboot"