Certificate rotation of expired certificates

You can check the expiration date of your SSL certificate and then rotate it, if expired.

When you update the private key for your certificate, update the certificate if it has expired, or update a certificate in a full bundle in an existing EAA certificate, all the applications using it are marked as Ready for Deployment. You need to redeploy all the applications when you update the certificate. If you use EAA Client for accessing Client-Access applications, the EAA Client software connects with the application host with use of the updated certificate once the WebSocket connection is recycled.

Check expiration date of a SSL certificate

You can check the expiration of the certificate before doing a certificate rotation or for troubleshooting certificate issues.

  1. Open a UNIX command line window.

  2. Enter a query openssl s_client -servername <NAME> -connect <HOST:PORT> 2>/dev/null | openssl x509 -noout -dates.

The expiration date appears in the response as notAfter=<expiration_date>.

For example, if the HOSTis control.akamai.com, PORTis 443, using the openssl command, you can see the expiration date is Nov 21, 23:59:59 minutes in 2021.

Edit certificate parameters and upload certificate bundles

You can update the keys, passwords, certificate content for certificates issued by certificate authority or custom certificates.

  1. Log in to Enterprise Center.

  2. In the Enterprise Center navigation menu, select Application Access > Certificates > Certificates.

  3. Select Certificate Authorities or Custom Certificates depending on which certificate you created.

  4. Click Edit Certificate.

  5. Update any of the relevant fields like keys, passwords, certificate content, or upload the updated certificate bundle for certificates issued by certificate authority or custom certificates.

ūüďė

Note

Self-signed certificates are not editable.

  1. Click Save.