Hello,
AOS 8.10.0.5
MCR and standby MCR
cluster of 10 7240XMs
back-up cluster of 4 7240XMs
We changed our SSL cert (wildcard) for our controllers today (from last year's wildcard, same CN). The process was a little convoluted, as it looks like last year we had imported the cert individually to each cluster member (which showed as an override). I wanted to just import the new cert at Managed Network level and not individually configure each box to use it. Initially, for the first controller, I changed the servercert to default, with the plan to change it back to the real cert from the managed network level. However, for the rest of the controllers I realised removing the override was easy and worked fine, so I did not do this for them.
So the other controllers are all fine and are using the right cert, which is configured at the Managed Network level. But the one controller I mucked around with stubbornly refuses to use the new cert. There are no overrides in place for it, and the config looks fine when viewing from the Conductor for that controller. But when connecting to the GUI it shows it is still dishing up the default self-signed cert. How can we force it to use the new, non-default cert? I have tried removing the new cert and re-adding it at managed network level with a different name (and filename), but although there are no errors when propagating the config, nothing changes for this one controller.
On the controller itself it has the correct cert imported:
(md-1) *#show crypto-local pki serverCert
Certificates
------------
Name            Original Filename   Reference Count  Expired
--------------  -----------------   ---------------  -------
AOS2023         aosnew2023.p12      2                No
AOSold2022      AOSwild2022OLD.p12  0                No
(md-1) *#show web-server profile
Web Server Configuration
------------------------
Parameter                   Value
---------                   -----
Cipher Suite Strength       high
SSL/TLS Protocol Config     tlsv1.2
Switch Certificate          default
Captive Portal Certificate  AOS2023
IDP Certificate             AOS2023
But the switch Cert still shows as default.
Guy