Unable to update certificate. Error "Certificate is referenced by a CRL, OCSP responder, vserver..."

Article ID: CTX580131

Description

The following error appears when trying to update an existing certificate: "Certificate is referenced by a CRL, OCSP responder, vserver, service, monitor, SSL profile, CA Cert Group, another certificate, or a policy expression using XML_ENCRYPT() or XML_DECRYPT()".

Resolution

Check the ADC running configuration to confirm that the certificate is not currently bound to a CRL, OCSP responder, vserver, service, monitor, SSL profile, CA Cert Group, another certificate, or a policy expression using XML_ENCRYPT() or XML_DECRYPT():
  1. Identify the CertKeyName of the certificate-key pair that needs to be updated.
  2. Open an ADC SSH session and type the command:
    show run | grep -i "CertKeyName"
  3. Check for any results that show a binding of the certificate, such as "bind vpn global -certkeyName CertKeyName".
  4. Unbind the certificate using the corresponding unbind command, such as "unbind vpn global -certkeyName CertKeyName".
  5. Update the certificate.
  6. Confirm that the certificate expiration date was updated.
  7. Confirm that any intermediate certificates required are linked.
  8. Bind the certificate to any previously bound entities by running the respective bind command, such as "bind vpn global -certkeyName CertKeyName".
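
The grep in step 2 matches substrings, so a name such as gw-cert also returns lines for gw-cert-old. The following is an added example, not Citrix code: it filters a saved copy of the "show run" output for whole-name matches and separates the certificate's own definition from the lines that reference it, giving a record for steps 4 and 8. The sample configuration, its entity names and the assumed name-character set are constructed for illustration.

```python
import re

# Constructed sample of "show run" output; every entity name here is made up.
SAMPLE_RUNNING_CONFIG = """\
add ssl certKey gw-cert -cert gw.cer -key gw.key
add ssl certKey gw-cert-old -cert gw_old.cer -key gw_old.key
add ssl certKey Example-CA -cert ca.cer
link ssl certKey gw-cert Example-CA
bind vpn global -certkeyName gw-cert
bind ssl vserver vs_gw -certkeyName gw-cert
bind ssl vserver vs_legacy -certkeyName gw-cert-old
"""


def find_references(config_text, certkey_name):
    """Return (definition_lines, reference_lines) for certkey_name.

    The match is case-insensitive, like grep -i, but the name must stand
    alone. Assumption: letters, digits, '_', '.' and '-' can continue a name;
    quotes, parentheses and whitespace count as boundaries.
    """
    name = re.escape(certkey_name)
    whole_name = re.compile(r"(?<![\w.-])" + name + r"(?![\w.-])", re.IGNORECASE)
    own_definition = re.compile(
        r'^\s*add\s+ssl\s+certKey\s+"?' + name + r'"?(\s|$)', re.IGNORECASE)
    definition, references = [], []
    for line in config_text.splitlines():
        if not whole_name.search(line):
            continue
        if own_definition.match(line):
            definition.append(line)   # the certkey being updated
        else:
            references.append(line)   # bindings and links to review
    return definition, references


def substring_matches(config_text, certkey_name):
    """Lines a plain case-insensitive substring search would return."""
    needle = certkey_name.lower()
    return [ln for ln in config_text.splitlines() if needle in ln.lower()]


if __name__ == "__main__":
    definition, references = find_references(SAMPLE_RUNNING_CONFIG, "gw-cert")
    print("Definition:", *definition, sep="\n  ")
    print("References to record before the update:", *references, sep="\n  ")
    extra = len(substring_matches(SAMPLE_RUNNING_CONFIG, "gw-cert")) - 1 - len(references)
    print("Lines a substring grep would add for other certificates:", extra)
```

Keep the reference list until step 8 so that every binding removed in step 4 is restored after the update.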

Problem Cause

The certificate being updated was bound to the VPN Global entity.