Applying new SSL certificates in Symantec VIP Enterprise Gateway

VIP Enterprise Gateway

There are 4 services where an SSL certificate could be in use. After adding (import/create) the new SSL certificate, you will need to check each of these 4 services to ensure that the new SSL certificate is selected (if using SSL for that service):

• Self Service Portal IdP (click Configuring the Self Service Portal IdP if not already configured)
  * In VIP EG > Identity Providers > Self Service Portal IdP > if configured, click Edit button
  * In End User Access Settings > apply HTTPS to both Load Balancer URL and Protocol > select the new SSL certificate > click Apply Changes & Restart
  
  
• VIP Manager IdP (click Configuring the VIP Manager IdP if not already configured)
  * In VIP EG > Identity Providers > VIP Manager IdP > if configured, click Edit button
  * Apply HTTPS to both Load Balancer URL and Protocol > select the new SSL certificate > click Apply Changes & Restart
  
  
• Enterprise Gateway Console 
  * In VIP EG > Settings > Console Settings
  * Apply HTTPS to Protocol  > select the new SSL certificate > click Submit
  
  
• Health Check 
  * In VIP EG > Settings > Health Check Settings > click Edit button
  * Apply HTTPS to Enable SSL > select the new SSL certificate > click Save Changes

When adding a new SSL certificate to replace an existing SSL certificate, old certificate cannot be deleted until it is no longer in use. Select the new certificate to use if SSL is enabled. When the old SSL certificate is no longer in use by any service, the old certificate should no longer be marked "In Use = Yes" and can be deleted.

Cross-referencing KB150739 for information on creating/installing/managing SSL certificates on VIP Enterprise Gateway