Do I really need to re-bind the Delivery Controller XML port to a new cert every time it expires?

[bspies]

Every year I go through steps to re-bind an updated cert for my XML ports on our Delivery Controllers because I do not want to see what happens if I let them all lapse.  Is this really necessary?  I find sometimes when I go do this task that the cert has already renewed, and the new cert thumbprint does not match the XML binding (so it appears to be working.. but this is always before the expiry date). 

Has anyone actually had experience with this lapsing and the system going down?

this article has also helped me in the past https://www.ferroquesystems.com/resource/howto-enable-ssl-on-citrix-delivery-controllers-easy-method/ in case you do not know what I am referring to.

Edited March 8 by bspies

[James Kindon]

You don't need to change it - you should as a best practice, but it won't stop working if you let it lapse - we see this with cloud connectors all the time, new version or update, the hash changes and the bindings are skewed - became obvious when I was working on this

https://github.com/JamesKindon/Citrix/blob/master/EnableSSL.ps1

[Krishna534]

Hi

I think if the cert hash gets changed, SSL needs to be set again with correct cert hash.