Renew SSL Certificate on Stingray Loadbalancer

Once SSL certificate on Stingray/Brocase/Zeuss reaching expiry, there will be an alert generated on the Loadbalancer in advance to inform you to take necessary action.

If you recieve .pfx certificate from customer, then you would need to convert it in order to import into the Stingray Loadbalancer. Please note that this .pfx file contains public and private key and extension .pfx is associated Microsoft Servers.  Private key in received .pfx file received from customer will also be encrypted with password, so customer will provide you password as well do decrypt it before installing into the Stingray Loadbalancer.

What you would need is basically access to any Unix machine that has openssl installed. Then you need to follow these steps:

Extracting the private key from a PKCS12 file:

openssl pkcs12 -in certificate.from.customer.pfx -nocerts -out key.pem -nodes

If you omit the -nodes flag, openssl will prompt you for an encryption password to protect your private key; Stingray does not support such encrypted keys.  If you inadvertently create an encrypted key, you can generate the decrypted version as follows:

openssl rsa -in key.pem -out key.decrypted.pem

Extracting the certficate from a PKCS12 file:

openssl pkcs12 -in certificate.from.customer.pfx -nokeys -out cert.pem

Now go into Loadbalncer>SSL tab. Then import cert.pem and key.decrypted.pem file into the Loadbalancer. You would then see the newly imported certificate is now showing into the list of all available SSL certificate.

You would now need to attach the newly imported certificate with the VIP/Pool.

  1. Just go into the Catalog>SSL tab and select your certificate that is expiring.
  2. Then click on the VIP/Pool linked to the certificate that is expiring.
  3. Select the newly imported certificate from the drop-down list of available certificates and click update at the bottom of the page.

You should now see the alert in the load balancer regarding certificate expiry is now cleared. This can be checked in event logs in the load balancer tab and notice that the new certificate activation cause alert to go green from amber.


Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s