Process To Renew a TLS Certificate on Oracle Communications Session Border Controller SCX and SCZ Releases

Asset ID:	1-71-1907953.1
Update Date:	2017-05-30
Keywords:

Solution Type Technical Instruction Sure

Solution 1907953.1 : Process To Renew a TLS Certificate on Oracle Communications Session Border Controller SCX and SCZ Releases

Applies to:

Acme Packet 3820 - Version S-Cx6.4.0 and later
Acme Packet 4600 - Version S-Cx6.4.0 and later
Acme Packet 6100 - Version S-Cz7.0.2 and later
Acme Packet 6300 - Version S-Cz7.0.2 and later
Acme Packet 4500 - Version S-Cx6.4.0 and later
Information in this document applies to any platform.

Goal

Process to renew a SSL certificate

Solution

In order to renew the certificate, please try the below procedure:

Create a backup configuration file using the ACLI "backup-config <filename>" command.
Create a new certificate-record object with the same parameter settings but with a new name. ie: if your name is "voip.domain.com", create a new object named "voip.domain.com.renew2014".
- The existing certificate record name cannot be used because the import of the new certificate would fail, as an existing certificate name cannot be overwritten.
Don't delete the current certificate. Don't delete the current tls-profile.
Create a new certificate signing request CSR.
Import the new certificate.
In the exiting tls-profile object, change the parameter "end-entity-certificate" parameter to "voip.domain.com.renew2014" and save/activate the config.
If you do your end-2-end tests and seems the work fine then this is your new config.

If any issues occur, you can rollback by changing back the end-entity-certificate parameter into "voip.domain.com"

You can also refer to the following document for a more detailed process for updating the TLS certificate.

Transport Layer Security Certificate Update Procedure(1598288.1)

References

<NOTE:1598288.1> - Transport Layer Security Certificate Update Procedure

Attachments

This solution has no attachment