A recent security vulnerability scan showed that a number of my vServers are running SHA-1 hashed SSL keys, and our security folks are working to remediate this by offering SHA-256 hashed keys instead. After generating CSRs and running the certificate requests through our key-generating robot, I now have several of these Base-64 encoded .CER keys on a windows machine, and I'd like to get them installed on the filers (running CDOT 8.2.3). What's the best way to do this?
A couple of notes: I've read this article about renewing SSL certificates, but it's not quite what I'm looking for. That article assumes your certificates have expired, and that's not what I'm running into here. Whole new keys need to be installed for the vservers that have been flagged. If I knew how to extract the text the filer was expecting (i.e., text that starts BEGIN CERTIFICATE and ends END CERTIFICATE) from the FOO.CER file, I'd be happy to do that.
Thanks!