Updating an Expiring Load Balancer Certificate
Update an expiring SSL certificate for a load balancer.
To ensure consistent service, you must update (rotate) expiring certificates. This process consists of the performing the tasks:
-
Uploading the new SSL certificate bundle to the load balancer.
-
Editing the applicable listeners and backend sets so they use the new certificate bundle.
-
Optionally remove the expiring SSL certificate bundle.
Using the Console
-
Update your client or backend server to work with a new certificate bundle.
Note
The steps to update your client or backend server are unique to your system.
-
Upload the new SSL certificate bundle to the load balancer:
-
Open the navigation menu, click Networking, and then click Load balancers. Click Load balancer. The Load balancers page appears. The Load balancers page appears.
-
Click the name of the Compartment that contains the load balancer you want to change, and then click the load balancer's name.
-
Click the load balancer you want to configure. The load balancer's Details page appears.
-
Click Certificates under Resources. The Certificates list appears. All certificates are listed in tabular form.
-
Complete the following:
-
Certificate name: Enter a friendly name for the certificate bundle. It must be unique within the load balancer, and it can't be changed in the Console. (It can be changed using the API.)
-
Choose SSL certificate file: Drag the certificate file, in PEM format, into the SSL certificate field.
You can also choose the Paste SSL certificate option to paste a certificate directly into this field.
Important
If you submit a self-signed certificate for backend SSL, you must submit the same certificate in the corresponding CA Certificate field.
-
Specify CA certificate: (Recommended for backend SSL termination configurations.) Select to provide a CA certificate.
-
Choose CA certificate file: Drag the CA certificate file, in PEM format, into the CA certificate field.
You can also choose the Paste CA certificate option to paste a certificate directly into this field.
-
-
Specify private key: (Required for SSL termination.) Select to provide a private key for the certificate.
-
Choose private key file: Drag the private key, in PEM format, into the Private key field.
You can also choose the Paste private key option to paste a private key directly into this field.
-
Enter private key passphrase: (Optional) Specify the private key passphrase.
-
-
-
Click Add certificate. Next, edit each applicable listeners or backend sets (as needed) so they use the new certificate bundle:
-
-
Edit the listener:
- Open the navigation menu, click Networking, and then click Load balancers. Click Load balancer. The Load balancers page appears.
-
Choose the Compartment that contains the load balancer you want to change, and then click the load balancer's name.
-
Click Listeners under Resources. The Listeners list appears. All listeners are listed in tabular form.
-
Click the Actions menu () next to the listener you wan to edit, then click Edit Listener.
-
In the Certificate name list, choose the new certificate bundle.
-
Click Submit.
-
Edit a backend set:
- Open the navigation menu, click Networking, and then click Load balancers. Click Load balancer. The Load balancers page appears.
-
Choose the Compartment that contains the load balancer you want to change, and then click the load balancer's name.
-
Click Listeners under Resources. The Listeners list appears. All listeners are listed in tabular form.
-
Click the Actions menu () next to the listener you wan to edit, then click Edit Listener.
-
In the Certificate name list, choose the new certificate bundle.
-
Click Submit.
-
Edit a backend set:
Important
Updating the backend set temporarily interrupts traffic and can drop active connections.
-
Open the navigation menu, click Networking, and then click Load balancers. Click Load balancer. The Load balancers page appears.
-
Select the Compartment from the list. All load balancers in that compartment are listed in tabular form.
-
Select a State from the list to limit the load balancers displayed to that state.
-
Select the load balancer whose backend set you want to edit. The load balancer's Details page appears.
-
Click Backend sets under Resources. The Backend sets list appears. All backend sets are listed in tabular form.
-
Click the name of the backend set you want to edit. The backend set's Details page appears.
-
Click Edit backend set. The Edit backend set dialog box appears.
-
Select Use SSL.
-
In the Certificate name list, choose the new certificate bundle.
-
Click Save changes.
-
-
(Optional) Remove the expiring SSL certificate bundle.
Note
You can't delete an SSL certificate bundle that's associated with a listener or backend set. Remove the bundle from any other listeners or backend sets before deleting.
-
Open the navigation menu, click Networking, and then click Load balancers. Click Load balancer. The Load balancers page appears.
-
Click the name of the Compartment that contains the load balancer you want to change, and then click the load balancer's name.
-
Click the load balancer you want to configure.
-
In the Resources menu, click Certificates.
-
For the certificate you want to delete, click the Actions menu (), and then click Delete.
-
Confirm when prompted.
-