Is it really required to have a restart of the gateway especially for scenario #3? Here we are using:
- the existing private key, meaning no deletion and re-creation is required
- the same link and alias in the Routing Assertion, which will not be broken due to deletion of the key
Yes, I can confirm that deleting a private key will break the link in the Routing Assertion ("Unrecognized") and re-creating it with the same alias will NOT automatically restore it.
But if the renewal will be done based on the existing key and just a "Replace Certificate Chain" is required, I would expect that here no restart is required and that the new certificate will be used automatically for any new Connection.
Can someone confirm this?
And as Anand already asked, isn't there any official documentation and best practices available on how to handle such private key renewals?
Thank you!
Ciao Stefan