After migrating to CM 8.x we had to provide identity certificates for CM and the remote 8300 LSPs. These were cut from our internal PKI. These are expiring in the next few weeks. The 8300 LSPs were no issue to add the new certs. What is the process to do the duplex servers? Do the primary first? Does the primary auto apply to the standby or apply to both?