Renew certificates for SMC components and Secure SD-WAN Engines when certificate authorities expire

If a certificate authority is about to expire, the components that use certificates signed by the certificate authority require new certificates that are signed by a valid certificate authority.

Messages in the Management Client about expiring certificate authorities indicate that a certificate authority is about to expire, a new certificate authority has been automatically created, or a certificate authority has expired.

You might need to renew certificates for SMC components and Secure SD-WAN Engines in the following cases:

  • The certificate authority that signed the certificate of a component is about to expire.
  • A certificate authority has been automatically renewed, and a new certificate must be generated for the component.
  • Components refuse connection attempts with each other.
  • Automatic certificate renewal for Secure SD-WAN Engines fails.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Re-certify the SMC servers.
  2. To use the new certificate on Secure SD-WAN Engines after automatic certificate renewal, refresh the policy.
  3. If the automatic certificate renewal for Secure SD-WAN Engines fails, renew the Secure SD-WAN Engine certificates manually.